Dispose now! No more support for attacked D-Link DSL routers
Currently, unknown attackers are targeting various D-Link DSL routers. There have been no security patches for these devices for six years.
(Image: solarseven/Shutterstock.com)
Anyone still using DSL to access the internet and owning an old D-Link router should immediately check the model number and replace the device if necessary for security reasons. Attackers are currently exploiting a “critical” security vulnerability to completely compromise routers.
The security problem
Security researchers from the ShadowServer Foundation and VulnCheck discovered the currently exploited security vulnerability (CVE-2026-0625). They have compiled their findings in a security advisory. D-Link has already confirmed the attacks in its own warning message.
According to the researchers, the vulnerability lies in the “dnscfg.cgi” component. Remote attackers can exploit it without authentication. Because user input is not sufficiently filtered, attackers can specify manipulated DNS configuration parameters. They then execute their commands and ultimately malicious code to completely compromise devices. The extent of the attacks and how they are carried out in detail is currently unknown.
Videos by heise
Support expired several years ago
These DSL router models are affected by the attacks:
- DSL-526B <= 2.01
- DSL-2640B <= 1.07
- DSL-2740R < 1.17
- DSL-2780B <= 1.01.14
The devices are old, dating from 2016 to 2019. Support for the routers expired in 2020. Since then, there have been no more security updates, making it easy for attackers. Anyone still using such a device should dispose of it immediately and replace it with a router that is still supported. D-Link is currently checking whether other models are vulnerable, according to its statements.
(des)
