D-Link VPN routers with RCE

[madires]

D-Link tells users to trash old VPN routers over bug too dangerous to identify (https://www.theregister.com/2024/11/20/dlink_rip_replace_router/):
- DSR-150 (EOL May 2024)
- DSR-150N (EOL May 2024)
- DSR-250 (EOL May 2024)
- DSR-250N (EOL May 2024)
- DSR-500N (EOL September 2015)
- DSR-1000N (EOL October 2015)

And if you think that something more expensive, like Fortinet or PaloAlto, will save the day, you're wrong.

[ataradov]

It sucks, but the newest of those devices was released almost 15 year ago. There is only so much practical support you can provide. At some point if you require infinite support time for $200 device, it would make no financial sense to sell them.

So, you either have to accept some sort of a subscription or just update the hardware every 10 years.

[soldar]

In Europe Mikrotik have good reputation

https://mikrotik.com/products/group/ethernet-routers

[rteodor]

Why even bother with store grade routers ? At least for tech literate crowd there are devices like OpenWrt One Router (https://docs.banana-pi.org/en/OpenWRT-One/BananaPi_OpenWRT-One). Or a simple DIY Raspberry Pi ?

My old D-Link from 2006 is enrolled in botnets within a very few minutes of exposing it to internet. Came with a dumb backdoor int it (as far I can remember: set some hardcoded keyword in user agent request to webserver and anybody gets in).

[soldar]

Why even bother with store grade routers ? At least for tech literate crowd there are devices like OpenWrt One Router (https://docs.banana-pi.org/en/OpenWRT-One/BananaPi_OpenWRT-One).

Looks nice but not cheap.

Edit: I find cheaper boards now but still not cheap.

[mwb1100]

My old D-Link from 2006 is enrolled in botnets within a very few minutes of exposing it to internet.

What's a good way to know if a router has been compromised?

(OpenWRT One) Looks nice but not cheap.

Around $100 shipped.  Maybe not cheap, but not crazy expensive either.

[soldar]

Around $100 shipped.  Maybe not cheap, but not crazy expensive either.

Yes, depends on context. For work/pro use it is very reasonable, for home or just playing around, as is my case, well, it depends on how much you want to spend. I am used to playing and flashing routers that cost me nothing. I can afford $100 if I need the device but I am just playing around and chances are it will soon be in a drawer, forgotten. I am more inclined to using a regular computer as I have a few I do not use. This makes more sense for playing for a while but for serious use the box is bigger and the energy consumption is higher so it is worth getting a dedicated device.

I was recently looking at the possibility of buying a couple of Mikrotik devices but cannot find second hand at good price. 

[rteodor]

I am used to playing and flashing routers that cost me nothing. I can afford $100 if I need the device but I am just playing around and chances are it will soon be in a drawer, forgotten. I am more inclined to using a regular computer as I have a few I do not use. This makes more sense for playing for a while but for serious use the box is bigger and the energy consumption is higher so it is worth getting a dedicated device.

Yes, basically you can make a router out of just about anything that has two separate ports (Ethernet, but not only) and good enough CPU. And then there is WiFi.  And to have good WiFi coverage, good antennas are needed and that's where dedicated routers shine.
Otherwise a Raspberry Pi 3 is so cheap for the resources that it has that it beats any WiFi router ... except for WiFi coverage.

[soldar]

Yes, basically you can make a router out of just about anything that has two separate ports (Ethernet, but not only) and good enough CPU. And then there is WiFi.  And to have good WiFi coverage, good antennas are needed and that's where dedicated routers shine.
Otherwise a Raspberry Pi 3 is so cheap for the resources that it has that it beats any WiFi router ... except for WiFi coverage.

In general WIFI is not too important for me because I can just use another router as access point or a dedicated ap. In general I like to keep functions separate and have a router that is only router but... let me start another thread so as not to hijack this one.