D-Link VPN routers have more major security issues

the best VPN routers
(Image credit: Shutterstock)

A previously undisclosed vulnerability has been discovered in VPN routers from D-Link that could allow an attacker to take full control over the affected devices.

The Vulnerability Research Team (VRT) at the threat management firm Digital Defense discovered a root command injection flaw in D-Link's DSR-150, DSR-250, DSR-250, DSR-500 and DSR-1000AC VPN routers. 

Devices running firmware version 3.14 and 3.17 are vulnerable to potential attacks and this is made worse by the fact that D-Link's VPN routers are commonly available on many popular ecommerce sites such as Amazon Best Buy, Office Depot and Walmart. 

As more employees are working from home during the pandemic, some might be connecting to corporate networks using one of the affected devices which could put organizations at risk as well.

Command injection flaw

The vulnerable component of D-Link's VPN routers is accessible without authentication from both WAN and LAN interfaces and the flaw could even be exploited over the internet.

Additionally, a remote, unauthenticated attacker with access to the router's web interface could execute arbitrary commands as root which would effectively give them complete control of the router. With this access, an attacker could intercept or modify traffic, cause denial of service conditions and launch further attacks on other assets as D-Link routers can simultaneously connect to up to 15 devices.

SVP of engineering at Digital Defense Mike cotton explained how the firm responsibly disclosed the vulnerability to D-Link in a press release, saying:

“Our standard practice is to work in tandem with organizations on a coordinated disclosure effort to facilitate a prompt resolution to a vulnerability. The Digital Defense VRT reached out to D-Link who worked diligently on a patch. We will continue outreach to customers ensuring they are aware and able to take action to mitigate any potential risk introduced by the vulnerability.” 

D-Link has now patched the flaw and released updated firmware for all of the affected routers. Users can check out the company's advisory on the issue for more information and it is highly recommended that they download and install the updated firmware for their device.

  • Also check out our complete list of the best VPN services
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in VPN Privacy & Security
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.
Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Neon blue email symbols on a black background
Why am I suddenly getting so many spam emails?
Latest in News
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI