Overview
This exploit affects the DSR-150 / DSR-150N / DSR-250 / DSR-250N routers, all of which reached End of Life ("EOL")/End of Support ("EOS") for their hardware versions and firmware no later than 05/01/2024. In line with industry practice, this indicates the products may no longer receive device software updates or security patches and may no longer be supported by D-Link US (D-Link Systems, Inc.).
For customers still using these products, we recommend taking one or more of the following actions:
- Upgrade to a newer product.
- Implement additional security measures.
- Perform data backup and manage risks.
- Contact our office for further recommendations or information(LINK).
|
D-Link Service Router Upgrade Offer for US Owners of the EOL/EOS displayed below
If you are an owner of a D-Link Model listed below and live in the US, D-Link North America will offer you a new DSR-250v2 at a reduced price.
To Claim your Upgrade:
1) Click the DSR Upgrade Offer link below to see the Router Offer. (Limit 1 per EOL/EOS Device per US Address)
2) Add to Cart -> Proceed to Check Out -> Press Check-Out Button.
3) The Discount will be applied in the checkout automatically for 20% off a new DSR-250v2
Link to Offer: Click Here
|
3rd Party Report information
- Reports provided:
- Reported to D-Link by delsploit: delsploit _at_ gmail _dot com
- Description: Stack buffer overflow vulnerability, which allows unauthenticated users to execute remote code execution.
- DSR-250 from firmware 3.13 to 3.17B901C
- DSR-250N from firmware 3.13 to 3.17B901C
- Link to Public Disclosure: TBD
Affected Models
|
Model
|
Region
|
Hardware Revision
|
End of Service Life
|
Fixed Firmware
|
US Legacy Website
|
Last Updated
|
|
DSR-150
|
US
|
All H/W Revisions
|
05/01/2024
|
Not Available
|
Yes (Link)
|
11/18/2024
|
|
DSR-150N
|
US
|
All H/W Revisions
|
05/01/2024
|
Not Available
|
Yes (Link)
|
11/18/2024
|
|
DSR-250
|
US
|
All H/W Revisions
|
05/01/2024
|
Not Available
|
Yes (Link)
|
11/18/2024
|
|
DSR-250N
|
US
|
All H/W Revisions
|
05/01/2024
|
Not Available
|
Yes (Link)
|
11/18/2024
|
|
DSR-500N
|
US
|
All H/W Revisions
|
09/30/2015
|
Not Available
|
Yes (Link)
|
11/19/2024
|
|
DSR-1000N
|
(Non-US)
|
All H/W Revisions
|
10/30/2015
|
Not Available
|
Non-US
|
11/19/2024
|
Recommendation for EOL /EOS Products
By industry practice, D-Link may periodically determine that certain products have reached a stage where further support or development is no longer feasible. This decision may be driven by commonly acknowledged factors such as technology evolution, market requirements, innovation, product efficiency, or the need for product replacement due to functionally superior technology.
For U.S. Consumers
When a product reaches the end of its support or lifecycle, which we have always announced in advance, further extended support, updates, or development may not be available.
We may not be able to address issues related to devices or firmware for such products, as development and customer support may have been discontinued. If you are outside the U.S., please contact your regional D-Link office with any inquiries.
If a licensed carrier/service provider provided your device and uses specific firmware, please contact your carrier/service provider for support. Devices on the list may have 3rd open firmware available; however, D-Link does not support open firmware, which voids any warranty and is solely the responsibility of the device owner.
D-Link cautions that continued use may pose risks to other connected devices. If users continue using these devices, please ensure they are updated to the latest known firmware on the Legacy Website links above. Additionally, users should frequently update a device's unique password to access its web configuration and always have Wi-Fi encryption enabled with a strong and unique password.