D-Link routers have major security flaws - but there's no fix


Owners of some older D-Link routers have been warned that their device could be carrying a serious security hole which allows for remote code execution.

However, despite the threat, the company isn't planning to release a security patch.

Why won’t D-Link fix it? Quite simply because the affected models – the DIR-652, DIR-655, DIR-866L and DHP-1565 – have passed their end-of-support deadline, so no longer get any fixes applied by the manufacturer.

The problem is an “unauthenticated command-injection vulnerability” (FG-VD-19-117 / CVE-2019-16920) according to security firm Fortinet.

A remote attacker can “send an arbitrary input to the device common gateway interface that could lead to common injection”, the company explains, and upon successfully implementing that, the attacker can subsequently retrieve the admin password, install a backdoor and basically wreak all manner of havoc.

Because this won’t ever be patched, if you own one of these D-Link routers, every time you go online you’re pretty much rolling the dice in terms of potentially being exploited (to maybe devastating effect).

So really the only sane solution is to upgrade your router to a new model.

Fortinet further notes: “The root cause of the vulnerability is due to the lack of a sanity check for arbitrary commands executed by the native system command execution, which is a typical security pitfall suffered by many firmware manufacturers.”

Unsportingly short support?

As Tom’s Guide, which spotted this, observed, one of the affected models, namely D-Link’s DIR-866L, was released in 2014 and only went out of support last year – so indeed it was only supported for four years, which seems a little thin. Particularly given that the DIR-655 was supported for 12 years…

What’s also slightly worrying is that Fortinet says the aforementioned four routers are definitely affected, but more models could potentially be hit by this security flaw. No other routers have been named yet, but it’s certainly worth bearing that in mind.

If this development has got you urgently seeking a new device, then check out our roundup of the best routers of 2019 for some inspiration.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
