A serious vulnerability has been discovered in multiple D-Link routers, but the company is saying it won't be fixing them, even though some of the models are still being sold online.
The flaw was discovered by researchers from cybersecurity firm Fortinet. According to the researchers, four different models: DIR-652, DIR-655, DIR-866L and DHP-1565 have a "unauthenticated command-injection vulnerability" that could permit remote code execution. In other words, if a hacker were to exploit this vulnerability, he or she could use your router to monitor your traffic or even send you towards malicious websites (imagine, for example, being redirected to a fake bank website and typing in your credit card details for the hackers).
These types of vulnerabilities get found in routers every once in a while and the manufacturers usually fix it by releasing an updated version to the firmware. This time, however, D-Link confirmed that it wouldn’t be releasing new firmware for these four models because they’ve reached their end-of-life.
That wouldn’t be too big of a deal if these models were still not being sold online by third party sellers. One model, the DIR-655, is even listed on Amazon as the Amazon’s Choice model. Another model, the DIR-866L, was introduced in 2014 and discontinued only in 2018.
So if you happen to have one of these four router models, the safest thing you could do is to replace them with a newer model. Otherwise you’re just putting yourself at unnecessary risk of being hacked.