Skip to main content

This D-Link router has serious security flaws: What to do now

'Matrix'-like green numbers flowing vertically over image of home Wi-Fi router.
(Image credit: Syafiq Adnan/Shutterstock)

If you've got an old D-Link DIR-865-L Wi-Fi router, you should update its firmware right away. Better yet, throw out the unit and replace it with one of the best wireless routers.

This is because the DIR-865-L, first released in 2012, has at least six serious security flaws, and D-Link doesn't plan to fix three of them. 

"The product has reached End of Life(EoL)/End of Support(EoS), and there is no more extended support or development for them," a recent D-Link support announcement says of the DIR-865-L router. "D-Link recommends this product be retired, and any further use may be a risk to devices connected to it and end-users connected to it."

This is standard D-Link policy with older devices. In the fall of 2019, similar flaws were found on more than a dozen other D-Link routers, but the company said none would be patched.

We're a tad miffed that, as with many of those routers from last fall, you can still buy the D-Link DIR-865-L on numerous online outlets, including Amazon and NewEgg. We certainly don't recommend buying one, or indeed any router model that's more than 5 years old.

Half a dozen serious security flaws

Palo Alto Networks' Unit 42 discovered these six flaws in February and notified D-Link accordingly. Now that the standard 90-day disclosure window is over and D-Link has declared its position, Palo Alto has published its findings. 

To use Unit 42's descriptions, the flaws involve cross-site request forgery (CSRF), inadequate encryption strength, cleartext storage of sensitive information, improper neutralization of special elements used in a command (command injection), predictable seed in pseudo-random number generator and cleartext transmission of sensitive information.

D-Link's firmware update fixes only the first three. An attacker would need to get at least in range of a router's Wi-Fi network to exploit any of these flaws, but that's not hard to do in an apartment building or even a suburban neighborhood. 

Palo Alto warned that these problems may not be limited to this model.

"It is possible that some of these vulnerabilities are also present in newer models of the router because they share a similar codebase," the Unit 42 report says.

Again, if you have the D-Link DIR-865-L, please consider just getting a new router. You'd think a Wi-Fi router would last many years, but in fact they're like any other electronic device. By the time you're reached Year 7 or 8, it's time to seriously consider upgrading. 

D-Link feels the same way. This is from the U.S. version of its support announcement, but it applies worldwide: "If U.S. consumers continue to use the product against D-Link's recommendation, please make sure the device has the most recent firmware from https://legacy.us.dlink.com/, installed, make sure you frequently update the device's unique password to access its web-configuration and always have WiFI encryption enabled with a unique password."

To update the firmware, you'll need to go through the router's administrative interface and have a working internet connection. We found detailed instructions on to update the D-Link DIR-865-L's firmware on D-Link's Canadian support website.

  • witowen638
    Watch out, the picture in the article is not a dlink and instead it is a tp-link.
    Reply