Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.

Most of the details about the bug are being kept under wraps given the potential for wide exploitation. The vendor hasn’t assigned it a CVE identifier or really said much about it at all other than that it’s a buffer overflow bug that leads to unauthenticated RCE.

Unauthenticated RCE issues are essentially as bad as vulnerabilities get, and D-Link warned that if customers continued to use the affected products, the devices connected to them would also be put at risk.

  • cron@feddit.orgOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 days ago

    You’re right, these devices are end of life and hopefully not near critical infrastructure.