Yeah, the only thing that might make D-Link's position here unreasonable is how long ago the devices hit EOL. Like if it was last week then they are being a bit petty if they don't issue a patch, but on the other hand if it was 10 years ago it is ridiculous to expect them to patch it. I couldn't find that info in the linked article (probably it's somewhere in between the two extremes I mentioned), but without knowing that context I can't really fault a vendor for saying "EOL means EOL, sorry".
> if it was 10 years ago it is ridiculous to expect them to patch it
I don't think even that is "ridiculous". It came out of the factory defective. This isn't about features or maintenance. How many years total would that be since last sale, still less than 15?
Also, how many hundreds of dollars would it really cost them to release an update, even if it was 15 years old?
For at least one remote access vulnerability reported earlier this year, D-Link declined to patch even though the device only hit EoL during the disclosure period, and was still within the EoS (end-of-service) date (which by D-link policy is EoL + 1 year):
https://supportannouncement.us.dlink.com/announcement/public...