Hackers Target Zero-Day Flaw in Old D-Link Routers No Longer Getting Updates

Critical zero-day exploit in D-Link routers poses severe risk; replace obsolete devices urgently to ensure network security.

By Content Team

Jan 8, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Attackers are actively exploiting a critical zero-day vulnerability (CVE-2026-0625) in discontinued D-Link DSL gateway routers, most of which stopped receiving security updates over five years ago. The flaw, with a CVSS score of 9.3, allows remote attackers to execute arbitrary commands through the router's DNS configuration system without authentication.

VulnCheck discovered the vulnerability on December 16, 2025, after spotting active exploitation in production environments. D-Link is still investigating which specific models are affected, promising to release a detailed list this week. The company recommends organizations immediately replace these end-of-life devices with currently supported models.

This highlights ongoing risks of using obsolete networking equipment that no longer receives security patches.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Foster City Restores Phone and Email Services After Ransomware Attack

Mar 28, 2026

Iranian Hackers Used Stolen Credentials to Breach Medical Giant Stryker

Mar 18, 2026

Under Armour Investigates Data Breach Affecting 72 Million Email Addresses

Jan 23, 2026

M&S Cyber Attack Chaos Leaves More Questions Than Answers

Feb 18, 2026