Network equipment manufacturer D-Link has issued an advisory recommending users immediately discontinue use of multiple VPN router models affected by a critical security vulnerability. The company confirmed it will not release security patches to address the issue.
The remote code execution (RCE) flaw impacts several discontinued D-Link VPN router models, including the DSR-150, DSR-250, DSR-500, and DSR-1000AC. This vulnerability could allow malicious actors to gain unauthorized system access and execute arbitrary code.
According to D-Link's security notice, the affected devices have reached end-of-life status and are no longer supported with firmware updates. Rather than providing fixes, the company strongly advises customers still operating these router models to replace them with current supported products.
"We recommend users migrate to our latest VPN router offerings which incorporate enhanced security features and receive regular security updates," stated D-Link in their advisory.
Security researchers note that businesses and home users continuing to run the impacted models face increased risks of network compromise. The RCE vulnerability potentially enables attackers to take control of affected routers remotely.
D-Link emphasizes that newer router models in their product line are not affected by this security flaw. The company maintains an active security response program for supported devices, delivering patches for newly discovered vulnerabilities.
Users operating the listed discontinued models should begin planning device replacements to maintain network security. In the interim, implementing additional network security controls and monitoring can help reduce exposure risks.
The advisory underscores the importance of using network equipment that receives ongoing security maintenance and updates. Organizations relying on legacy devices may face increased threats as new vulnerabilities emerge without available fixes.