Cybersecurity Reach Foundation LogoCybersecurity Reach Foundation
Back to Newsletters

🚨 URGENT RELEASE: Critical Vulnerability in D-Link Devices (Routers and Network Attached Storage) 🚨

Over 60,000 D-Link routers and NAS devices face a critical vulnerability with no fix available—learn how to protect your network now.

Newsletter cover image

Does Your Device Look Like This?

What Happened?

Over 60,000 devices are currently vulnerable due to a critical flaw.

  • The issue is with the cgi_user_add API command used to add users.
  • A parameter, name, is not properly secured.
  • Hackers can exploit this flaw to inject malicious commands and take full control of your device.

If your device resembles the images below, it is critical for you to read further and take immediate action.

Network Attached Storage (NAS):

  • DNS-320
  • DNS-320LW
  • DNS-325
  • DNS-340L

Image of NAS

Routers:

  • DSR-150
  • DSR-150N
  • DSR-250
  • DSR-250N

Image of Routers

The Main Problem

D-Link, the maker of these devices, has confirmed they will not release a fix.
Why? These devices have been classified as End of Life (EoL).

D-Link’s advice: retire the devices immediately.

What You Should Do

  1. Apply the latest patch available.
    • While it won’t fix this vulnerability, it can address other known issues.
  2. Restrict access to trusted IP addresses.
    • Limit device management to specific IPs.
    • Ensure it is not accessible from the internet.
  3. Replace the device as soon as possible.
    • Since no fix is coming, the only permanent solution is replacing your device with a secure, supported model.

Take Action Now

If you recognize your device in the images above or from the model list, follow the steps to secure your network. Leaving the device vulnerable puts your data and network at risk.

Read More
Subscribe to Our Newsletter