D-Link Won't Fix Serious Security Flaw on at Least 13 Wi-Fi Routers

UPDATED Nov. 20, 2019 with the addition of three, perhaps four, more vulnerable D-Link models. This story was originally published Oct. 8, 2019, and updated Oct. 24, 2019 with the addition of six more vulnerable models.

A serious security flaw has been found in four D-Link routers. But if you have one of these models, you'd better just throw it out, because the flaw will never be fixed. 

The routers in question are the DIR-652, DIR-655, DIR-866L and DHP-1565. Researchers from Fortinet disclosed last week that the most recent firmware for each had an "unauthenticated command-injection vulnerability" that could permit remote code execution. 

In other words, a hacker halfway across the world could fairly easily hijack your router and then monitor your internet traffic or send you to malicious websites. 

Usually, you would install new firmware to repair such router issues. But Fortinet was notified by D-Link that because "these products are at End of Life (EOL) support ... the vendor will not provide fixes for the issue we discovered."

Unfortunately, one of the models, the DIR-866L, was introduced in 2014 and discontinued only in 2018. Another model, the DIR-655, was introduced in 2006, but also discontinued only last year. 

Three of them — the DIR-655, DIR-866L and DHP-1565 — can still be bought new from third-party sellers on Amazon's U.S. website, and the first is even an Amazon's Choice model. (The fourth, the DIR-652, was never sold in the United States.)

We know that if we bought a router last year, we'd expect it to be safe to use for longer than 12 months — especially if it's an Amazon's Choice. And some other router makers, such as Netgear, do continue to provide security updates for routers that they no longer manufacture.

However, D-Link is under no obligation to provide support for a device that it no longer makes. The upshot is that before you buy a router, check with the manufacturer to see if it's still supported. 

For example, here is an official web page listing D-Link's "legacy products," and a third-party page listing Netgear's discontinued products. (Netgear's own list of legacy routers is way out of date.) 

We asked around the Tom's Guide offices to see how long people expected a home Wi-Fi router to last. The consensus seemed to be between five and eight years. 

If you'd like your new router to last as long, you might want to check what the manufacturer's policy is for end-of-life support. 

And, frankly, you might want to check whether your router manufacturer has ever been sued by the Federal Trade Commission for not properly securing its networking devices.

UPDATES: Based on additional research, the CERT Coordination Center, located at Carnegie Mellon University in Pittsburgh, on Oct. 23 added six more D-Link router models to the list of devices that cannot be updated and should be replaced.  

On Nov. 19, D-Link updated its own security bulletin to add three, or perhaps four, models to the list.

The full list of affected models is now:

DAP-1533

DGL-5500

DHP-1565

DIR-130

DIR-330

DIR-615

DIR-652

DIR-655

DIR-825

DIR-835

DIR-855L

DIR-862 (as listed by D-Link)

DIR-862L (as listed by researcher Heige)

DIR-866L

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
