Thursday 10 December 2020
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
Products affected:
D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers.
What you need to know:
A previously undisclosed vulnerability involving D-Link VPN routers running on firmware versions 3.14 and 3.17 is vulnerable to a remotely exploitable root command injection flaw.
Actions to be taken:
D-Link addresses the issue by providing firmware patches available at https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195