Old D-Link DSL routers actively targeted by attackers

Attackers are actively exploiting newly discovered vulnerabilities in old D-Link routers, for which official support expired years ago.

Although D-Link has not supported several old routers since 2020, the devices remain in use. Hackers have now found a new vulnerability to exploit: CVE-2026-0625, which affects old DSL routers.

Four devices and corresponding firmware versions are being targeted:

  • DSL-526B with firmware version ≤ 2.01
  • DSL-2640B with firmware version ≤ 1.07
  • DSL-2740R with firmware version 1.17
  • DSL-2780B with firmware version ≤ 1.01.14

No updates

The models in question have not received any software updates since 2020, and six years after the end of support, D-Link has no plans to make an exception for the old devices. Anyone still using such hardware is currently at high risk of abuse. After all, attackers can use the new bug to run their own code on the router and thus gain a foothold in the network.

Anyone who still has one of the old DSL routers running in their network would do well to replace it immediately. That should have happened in 2020: connecting unsupported hardware to the internet always involves a risk.
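To find such devices in an asset inventory, the following added example (not code from D-Link or VulnCheck) checks model and firmware pairs against the list above. The inventory rows, host names and verdict labels are constructed, and comparing dotted firmware versions field by field as integers is an assumption about D-Link's numbering.

```python
import re

# Operator and version per model, as the article lists them.
TARGETED = {
    "DSL-526B": ("<=", "2.01"),
    "DSL-2640B": ("<=", "1.07"),
    "DSL-2740R": ("==", "1.17"),  # the article gives no "≤" for this model
    "DSL-2780B": ("<=", "1.01.14"),
}

def parse_version(text):
    """Turn '1.01.14' into (1, 1, 14); return None unless purely dotted digits."""
    text = text.strip().lstrip("vV")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(model, firmware):
    """Return 'targeted', 'eol-model', 'unknown-firmware' or 'not-listed'."""
    rule = TARGETED.get(model.strip().upper())
    if rule is None:
        return "not-listed"
    have = parse_version(firmware)
    if have is None:
        return "unknown-firmware"  # cannot be ruled out; verify on the device
    op, limit = rule[0], parse_version(rule[1])
    width = max(len(have), len(limit))  # pad so 1.17 and 1.17.0 compare equal
    have += (0,) * (width - len(have))
    limit += (0,) * (width - len(limit))
    hit = have <= limit if op == "<=" else have == limit
    # A listed model outside the stated range is still out of support.
    return "targeted" if hit else "eol-model"

# Constructed sample inventory: (host, model, firmware) as an asset export might give.
INVENTORY = [
    ("branch-gw-1", "DSL-2780B", "1.01.9"),  # string compare would miss this one
    ("branch-gw-2", "dsl-2740r", "v1.17"),
    ("lab-router", "DSL-2640B", "1.08"),
    ("home-office", "DSL-526B", "unknown"),
    ("core-sw", "EXAMPLE-1000", "6.10"),     # placeholder model, not in the list
]

def audit(inventory):
    return [(host, classify(model, fw)) for host, model, fw in inventory]

if __name__ == "__main__":
    for host, verdict in audit(INVENTORY):
        print(f"{host:12} {verdict}")
```

Entries reported as `targeted`, `eol-model` or `unknown-firmware` all concern models that no longer receive updates, so each is a candidate for replacement.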

D-Link is currently investigating whether the bug also affects other devices, but that does not appear to be the case so far. The vulnerability was discovered by VulnCheck, which collaborated with D-Link for the analysis. It is currently unclear who is behind the attacks.