This D-Link router has serious security flaws: What to do now

'Matrix'-like green numbers flowing vertically over image of home Wi-Fi router.
(Image credit: Syafiq Adnan/Shutterstock)

If you've got an old D-Link DIR-865-L Wi-Fi router, you should update its firmware right away. Better yet, throw out the unit and replace it with one of the best wireless routers.

This is because the DIR-865-L, first released in 2012, has at least six serious security flaws, and D-Link doesn't plan to fix three of them. 

"The product has reached End of Life(EoL)/End of Support(EoS), and there is no more extended support or development for them," a recent D-Link support announcement says of the DIR-865-L router. "D-Link recommends this product be retired, and any further use may be a risk to devices connected to it and end-users connected to it."

This is standard D-Link policy with older devices. In the fall of 2019, similar flaws were found on more than a dozen other D-Link routers, but the company said none would be patched.

We're a tad miffed that, as with many of those routers from last fall, you can still buy the D-Link DIR-865-L on numerous online outlets, including Amazon and NewEgg. We certainly don't recommend buying one, or indeed any router model that's more than 5 years old.

  • A router VPN is the best way to secure your Wi-Fi at home

Half a dozen serious security flaws

Palo Alto Networks' Unit 42 discovered these six flaws in February and notified D-Link accordingly. Now that the standard 90-day disclosure window is over and D-Link has declared its position, Palo Alto has published its findings. 

To use Unit 42's descriptions, the flaws involve cross-site request forgery (CSRF), inadequate encryption strength, cleartext storage of sensitive information, improper neutralization of special elements used in a command (command injection), predictable seed in pseudo-random number generator and cleartext transmission of sensitive information.

D-Link's firmware update fixes only the first three. An attacker would need to get at least in range of a router's Wi-Fi network to exploit any of these flaws, but that's not hard to do in an apartment building or even a suburban neighborhood. 

Palo Alto warned that these problems may not be limited to this model.

"It is possible that some of these vulnerabilities are also present in newer models of the router because they share a similar codebase," the Unit 42 report says.

  • Setting up a virtual router is the perfect way to share your connections

Again, if you have the D-Link DIR-865-L, please consider just getting a new router. You'd think a Wi-Fi router would last many years, but in fact they're like any other electronic device. By the time you're reached Year 7 or 8, it's time to seriously consider upgrading. 

D-Link feels the same way. This is from the U.S. version of its support announcement, but it applies worldwide: "If U.S. consumers continue to use the product against D-Link's recommendation, please make sure the device has the most recent firmware from https://legacy.us.dlink.com/, installed, make sure you frequently update the device's unique password to access its web-configuration and always have WiFI encryption enabled with a unique password."

To update the firmware, you'll need to go through the router's administrative interface and have a working internet connection. We found detailed instructions on to update the D-Link DIR-865-L's firmware on D-Link's Canadian support website.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
TP- Link Archer AX55 sitting on desk
This Chinese router company with 65% market share in the US could be banned — what you need to know
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
The MSI Roammii BE Lite dual-band mesh Wi-Fi 7 router on a table
Upgrading to Wi-Fi 7 is about to get more complicated — and these new routers are to blame
Graphic of fibre optic cables attacking code
An estimated 46,000 VPN servers are vulnerable to being hijacked
TP- Link Archer AX55 sitting on desk
Best Wi-Fi routers for 2025: Tested and rated
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Latest in Routers
The eero Pro 7 next to the eero Max 7 on a desk
Eero Pro 7 vs Eero Max 7: Which Wi-Fi 7-powered eero mesh system should you buy?
Eero Pro 7 sitting on counter
Eero Pro 7 review: Fast Wi-Fi 7 mesh speeds simplified
Netgear Orbi 873 on desk
Netgear Orbi 870 review: A great Wi-Fi 7 mesh kit for long range performance
TP-Link's Deco BE65-Outdoor Wi-Fi 7 mesh node mounted to a pole at CES 2025
TP-Link’s new outdoor mesh extender will give you true Wi-Fi 7 speeds right in your backyard
The MSI Roammii BE Lite dual-band mesh Wi-Fi 7 router on a table
Upgrading to Wi-Fi 7 is about to get more complicated — and these new routers are to blame
TP- Link Archer AX55 sitting on desk
This Chinese router company with 65% market share in the US could be banned — what you need to know
Latest in News
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Erin Doherty as Briony Ariston and Owen Cooper as Jamie Miller in "Adolescence" on Netflix
Netflix just got a gripping crime drama show that’s already hit No. 1 — and it’s 100% on Rotten Tomatoes
Leslie Bibb in The White Lotus season 3
Last night's 'White Lotus' cameo is less surprising than you think
Garmin Fenix 8 Sleep
New data reveals the average Garmin sleep score — do you sleep better or worse than most people?
Miele Guard L1 smart vacuum cleaner
Miele has launched its first vacuum cleaner with Wi-Fi — and it’s a game changer
A YouTuber holding the leaked Pixel 9a
Google Pixel 9a just fully leaked in new YouTube video — here's everything it reveals