A critical vulnerability allowing remote code execution (RCE) attacks has been found in several D-Link VPN routers. Since these models have reached their end of life, D-Link will not issue a patch and recommends users replace them with newer models.

D-Link confirmed that both hardware and firmware for these devices are no longer supported. “The DSR-150/DSR-150N/DSR-250/DSR-250N hardware and firmware have reached their End of Life (EOL) as of May 1, 2024. Products at EOL no longer receive updates or security patches,” the advisory stated. D-Link strongly advises users to retire these devices.