A potentially dangerous bug affects some routers from D-Link that are no longer supported by the manufacturer. The advice: buy a new router.
Some routers from D-Link are susceptible to a bug, the manufacturer shares in an announcement. Many details about the bug are not known: it has not even been labeled a CVE yet. The vulnerability allows “unauthenticated users to execute code,” is all D-Link wants to say at this time.
The manufacturer then also shared a list more routers susceptible to the bug. Five of the six vulnerable models are sold only in the US. Only the DSR-1000N model is available outside of that country. Those who still have this router in use should also look especially to themselves: D-Link no longer supports this model since October 2015.
End of life
There’s the rub right there. The vulnerable router models are all EOL(end-of-life), meaning customers should not expect a patch. D-Link makes it clear that no exception is possible, no matter how damaging the bug. “D-Link should not provide support for these EOL products,” the notice reads.
D-Link’s only advice is to purchase a new, still-supported router. The manufacturer is even willing to grant discounts of up to 20 percent to give an incentive to customers with outdated routers, for whom the risk of being hacked is not enough. That discount offer is only valid in the United States. Non-U.S. customers are asked to contact their local vendor.
Until the new router is delivered, D-Link requests that the router’s password be updated regularly and Wi-Fi encryption be enabled. This incident is a textbook example of the risks of using outdated hardware against all advice. No matter what brand you have, as soon as a manufacturer refuses to support a particular product, use is at your own risk.