D-Link Warns of Critical Vulnerability in EOL Routers, Urges Replacement with New Models
November 20, 2024

Although there have been no reports of active attacks exploiting this vulnerability, D-Link emphasizes the urgency for users to replace their routers to avoid potential risks.
D-Link has cautioned that continued use of these vulnerable routers could expose all connected devices to significant risks, including adversary-in-the-middle attacks and potential ransomware deployment.
D-Link has issued a warning for users of older VPN routers, urging them to replace their devices because of a serious remote code execution (RCE) vulnerability that will not be patched, as these models have reached end of life (EOL) and end of support (EOS).
The company's inaction regarding these security flaws may damage its reputation and deter future customers, as many users remain unaware of the vulnerabilities.
D-Link maintains a strict policy against issuing fixes for EOL products, even when critical vulnerabilities are discovered, which has drawn significant backlash from users and experts alike.
The affected models include the DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N, all of which are now considered obsolete.
This vulnerability, identified as a stack buffer overflow, allows unauthenticated users to execute code remotely, posing a severe threat to device security.
As a remedy, D-Link is offering a 20% discount on its newer DSR-250v2 model, which is not affected by the vulnerability, although this does not address the security issues of legacy routers.
While third-party firmware options exist, using them voids warranties and does not guarantee security, complicating the situation for users.
The affected VPN routers, commonly used in home office and small business environments, officially reached their end of service on May 1, 2024.
In 2022, the Cybersecurity & Infrastructure Security Agency (CISA) had already advised consumers to replace vulnerable D-Link routers that had reached EOL to mitigate security risks.
Recent disclosures have also revealed additional vulnerabilities in other D-Link products, including critical flaws affecting older NAS devices and exposed modems, with no updates provided by the company.
Summary based on 10 sources
Sources
CNET • Nov 21, 2024
Using One of These D-Link VPN Routers? Why You Should Replace It ASAP

TechRadar pro • Nov 20, 2024
D-Link is telling users to stop using these routers immediately, or face hacking

Digital Trends • Nov 21, 2024
Some older D-Link routers are vulnerable to attack | Digital Trends

The Register • Nov 20, 2024
D-Link tells users to trash old VPN routers over bug too dangerous to identify