Critical D-Link VPN Router Vulnerability Won’t Be Patched

By: Bryson Medlock

D-Link has issued a warning urging customers to replace several end-of-life (EOL) VPN routers affected by a critical remote code execution (RCE) vulnerability. This flaw, which allows unauthenticated attackers to execute arbitrary code, will not receive a patch due to the routers’ discontinued support. Affected models include the DSR-150, DSR-250, DSR-500, and DSR-1000AC, widely used in small businesses for remote access and VPN connectivity. The vulnerability was reported by security researcher ‘delsploit’ though technical details are still being withheld to prevent mass exploitation.

The vulnerability represents a significant risk to organizations that rely on outdated hardware. Cyber attackers can exploit these unpatched routers to gain control over network traffic, exfiltrate sensitive data, or deploy malware. Tools for scanning and identifying these vulnerable devices are easily accessible, increasing the likelihood of exploitation. This aligns with broader trends in edge device vulnerabilities, which accounted for 36% of widely exploited flaws in 2024, with 60% involving zero-day attacks according to a report by Rapid7 . Edge devices often provide an attractive target due to their internet-facing nature and their role as gateways to internal networks.

This issue underscores a common challenge: many small and medium-sized businesses (SMBs) and managed service providers (MSPs) set up critical infrastructure, such as VPN routers, firewalls, and IoT devices, but fail to retire or update them when support ends. Many of these systems are neglected due to their "set and forget" configuration, and vulnerabilities in these devices remain unpatched for an average of 150 days. Such delays allow attackers ample time to exploit flaws, often using professionalized cybercriminal services like Initial Access Brokers (IABs), who sell access to compromised edge devices.

The increasing severity of vulnerabilities in edge devices is reflected in their high median Common Vulnerability Scoring System (CVSS) rating of 9.8, compared to 8.8 for non-edge vulnerabilities. Once breached, these devices often lack adequate logging and monitoring , making it difficult for defenders to detect and respond. Attackers can use them to gain privileged access to the broader network, deploy malware, or maintain persistence.

To mitigate this threat, MSPs and SMBs should adopt aggressive lifecycle management strategies, ensuring that devices nearing end-of-support are promptly replaced. Regular audits, automated vulnerability scanning, and integration of edge devices into broader security monitoring frameworks are critical. Education about the risks posed by outdated infrastructure is equally essential, as is implementing solutions like firmware updates and enhanced logging capabilities.

?