What happened
An active exploitation campaign targets legacy D-Link DSL routers, using a remote code execution flaw in devices with outdated firmware. Security firm Tenable confirmed that attackers leverage exposed HTTP interfaces and default credentials to execute commands remotely. Exploited routers may become part of botnets, intercept traffic, or serve as pivot points for attacks on internal networks. Affected models include D-Link DSL-2640B, DSL-2750B, and other end-of-life devices still in operational use.
Who is affected
Users of legacy D-Link DSL routers, including small businesses and residential networks, are directly at risk, while connected enterprise systems may face indirect exposure.
Why CISOs should care
Unpatched network hardware presents persistent attack vectors for lateral movement, malware propagation, and operational disruption.
3 practical actions
Update firmware: Apply vendor firmware patches where available.
Retire end-of-life devices: Replace legacy routers with supported, secure models.
Network monitoring: Detect unusual router activity, including unexpected logins and outbound traffic.