When a router reaches its end-of-life (as the units affected by this vulnerability have) exploits become far more serious. Manufacturers bear the responsibility to address these problems with fresh patches, but they generally don’t push out updates for EOL devices (with a few rare exceptions). The issue in question here is a “Remote Code Execution” vulnerability that exists in D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers. According to Malwarebytes Labs, attackers can take advantage of “diagnostic hooks” to make a Dynamic DNS call without proper authentication, allowing them to take control of affected routers.
Meet one of the affected routers: the DIR-810L, released in 2013. Just in case this seems like only a hypothetical threat, it’s worth noting that a proof-of-concept hack targeting this vulnerability already exists in the wild, thanks to Github user doudoudedi. As such, we – and D-Link itself – would recommend replacing any affected routers you might own as quickly as possible. It’s always a shame to generate more e-waste, but in this case, it’s the lesser of two evils. Of course, it’d also be nice if router manufacturers supported their devices for longer: the 810L, for example, reached its EOL in 2019, but was first released in 2013, meaning it received less than 10 years of security patches. At any rate, if you are in the market for a new device, consider checking out our list of the best Wi-Fi routers. We cover budget offerings as low as $70 and high-end enthusiast-grade options that hit the $300 mark. Image credit: Stephen Phillips
