D-Link has issued a critical advisory urging users to retire and replace several legacy router models, including the DIR-645, DIR-806, GO-RT-AC750, and DIR-845, citing their End-of-Life (EOL) and End-of-Support (EOS) status. These routers, no longer supported or updated, have become targets for cyberattacks by the botnets “Ficora” and “Capsaicin.”
The advisory highlights that the botnets exploit multiple known vulnerabilities, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112, to gain unauthorized access to these outdated devices. Once compromised, attackers leverage weaknesses in the D-Link Management Interface (HNAP) to execute malicious commands via the “GetDeviceSettings” action. These attacks enable the theft of sensitive data, execution of shell scripts, and the deployment of large-scale Distributed Denial-of-Service (DDoS) operations.
The affected models, along with their EOL dates, include:
- DIR-645: All hardware revisions, EOL as of December 31, 2018.
- DIR-806: All hardware revisions, EOL as of February 1, 2016.
- GO-RT-AC750: All hardware revisions, EOL as of February 29, 2016.
- DIR-845L: All hardware revisions, EOL as of March 1, 2016.
D-Link emphasized that “as a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products ceases.”
D-Link strongly recommends that consumers retire these models immediately to mitigate security risks. For those who continue to use these routers, the company advises ensuring the devices have the latest available firmware, using unique and regularly updated passwords, and enabling robust Wi-Fi encryption. However, D-Link warns that these measures offer only limited protection and are not a substitute for upgrading to supported devices.
Legacy devices, often overlooked, can serve as entry points for sophisticated botnets, potentially compromising entire networks. D-Link’s advisory concludes with a cautionary note: “The continued use of unsupported products may pose significant risks to the devices connected to them.”
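For networks where one of these routers is still in place, the following added example (not from D-Link's advisory or the original article) flags suspicious HNAP requests in HTTP logs from an upstream proxy or sensor. The JSON log fields (`src`, `zone`, `path`, `soapaction`) and the sample events are constructed assumptions; the `/HNAP1/` path and the `SOAPAction` namespace are standard HNAP details that the article does not itself state.

```python
import json
import re

# A well-formed HNAP SOAPAction is the namespace URI plus one alphanumeric action name.
CLEAN_ACTION = re.compile(r'^"?http://purenetworks\.com/HNAP1/[A-Za-z0-9]+"?$')

def classify(event):
    """Return findings for one HTTP event (dict); an empty list means nothing to report."""
    if not str(event.get("path") or "").upper().startswith("/HNAP1"):
        return []  # not an HNAP request
    findings = []
    action = str(event.get("soapaction") or "")
    if action and not CLEAN_ACTION.match(action):
        # Extra path segments, whitespace or punctuation never occur in legitimate HNAP calls.
        findings.append("malformed-soapaction")
    if event.get("zone") == "wan":
        # The management interface should not be reachable from the internet at all.
        findings.append("hnap-from-wan")
    return findings

def scan(lines):
    """Return (line_number, source_ip, findings) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        findings = classify(event)
        if findings:
            hits.append((number, event.get("src"), findings))
    return hits

NS = "http://purenetworks.com/HNAP1/"
# Constructed sample events (documentation IP ranges), one JSON object per log line.
SAMPLE_LOG = [json.dumps(e) for e in (
    {"src": "192.168.0.23", "zone": "lan", "path": "/HNAP1/", "soapaction": f'"{NS}GetDeviceSettings"'},
    {"src": "203.0.113.50", "zone": "wan", "path": "/HNAP1/", "soapaction": f'"{NS}GetDeviceSettings/ extra;chars"'},
    {"src": "198.51.100.7", "zone": "wan", "path": "/index.html", "soapaction": ""},
    {"src": "203.0.113.9", "zone": "wan", "path": "/HNAP1/", "soapaction": f'"{NS}GetDeviceSettings"'},
)] + ["{truncated"]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A clean `GetDeviceSettings` call from the LAN is left alone, since the router's own setup tools use it; any hit from the WAN side or with a malformed header is worth investigating.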