If you have an old(ish) D-Link router, be warned: it may have a serious security vulnerability that allows remote code execution and cannot be patched.
Why can't D-Link fix the problem? Quite simply, because the affected models – DIR-652, DIR-655, DIR-866L and DHP-1565 – have passed their end-of-support dates and the manufacturer no longer issues fixes for them.
The problem, according to security firm Fortinet, is a "non-authenticated command-prompt vulnerability" (FG-VD-19-117 / CVE-2019-16920).
A remote attacker can "send an arbitrary input to the device's Common Gateway interface, which can lead to a common injection," the company said. After successful exploitation, the attacker can then retrieve the administrator password, install a backdoor, and cause virtually any kind of havoc.
Since this can never be fixed, every time you go online with one of these D-Link routers you have to reckon with potential exploitation (which may have devastating effects).
The only reasonable solution is to upgrade your router to a new model.
Fortinet notes, "The root cause of the vulnerability is the lack of integrity checking for any commands that are executed by the native command execution, a typical security vulnerability that many firmware vendors have."
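The root-cause pattern Fortinet describes, shown as an added illustration that is not D-Link's firmware code or part of the original article: a hypothetical CGI diagnostic handler that pastes a request field into a shell command, beside a form that validates the field and never involves a shell. The function names, the ping command line and the sample inputs are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* VULNERABLE pattern: request field pasted into a shell command line.
 * Anything after ';', '|', '`' or '$(' would be run by the shell if this
 * string were handed to system(). Built here only for inspection. */
int build_shell_cmd(const char *addr, char *out, size_t n)
{
    return snprintf(out, n, "ping -c 1 %s", addr);
}

/* Accept only a literal IPv4 or IPv6 address; inet_pton rejects any
 * string with trailing characters, so shell metacharacters never pass. */
int is_ip_literal(const char *addr)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (addr == NULL || strlen(addr) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, addr, buf) == 1 ||
           inet_pton(AF_INET6, addr, buf) == 1;
}

/* HARDENED pattern: validate, then fill an argument vector meant for
 * execv(), so no shell ever parses the value. Returns 0, or -1 on reject. */
int build_exec_argv(const char *addr, const char *argv[5])
{
    if (!is_ip_literal(addr))
        return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "1";
    argv[3] = addr;   argv[4] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs (192.0.2.0/24 and 2001:db8::/32 are
     * documentation ranges); nothing is executed. */
    const char *samples[] = { "192.0.2.10", "2001:db8::1",
                              "192.0.2.10; echo INJECTED", "$(echo x)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char cmd[128];
        const char *argv[5];
        build_shell_cmd(samples[i], cmd, sizeof cmd);
        printf("shell string: [%s]  hardened: %s\n", cmd,
               build_exec_argv(samples[i], argv) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```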
Unreasonably short support?
As Tom's Guide noted, one of the affected models, D-Link's DIR-866L, was released in 2014 and support was discontinued last year – just four years of support, which seems a bit thin, especially because the DIR-655 was supported for 12 years.
Somewhat worryingly, according to Fortinet the four routers above are definitely affected, but more models may be affected by this vulnerability. No other routers have been named, but it is worth bearing in mind.
If you're looking for a new device as a result of this development, check our overview of the best routers of 2019.