Security researchers have discovered a critical vulnerability that affects D-Link DIR-859 Wi-Fi routers.

D-Link won’t patch the problem and suggests that customers buy a new router.

Configuration files associated with access control lists (ACLs) and gear firewall parameters may also be targeted.

Person wearing the Apple Watch Series 10

The product is End-of-Life, so it won’t be patched, posing long-term exploitation risks.

Multiple XML files can be invoked using the vulnerability."

  • GreyNoise

Researchers first identified CVE-2024-0769 in January of 2024.

The Ethernet ports on the rear side of an internet router.

Hannah Stryker / How-To Geek

Security monitoring groupGreyNoisehas since observed an attempt to exploit the vulnerability in the wild.

(And, in any case, future attacks are certain.)

The D-Link DIR-859 launched in 2015 and reached end of service on December 10th, 2020.

The D-Link DIR-856 router on a white background.

D-Link

It’s an extremely outdated router, so poor security doesn’t come as much of a surprise.

For those wondering, D-Link doesn’t appear to be offering discounts or coupons to affected customers.

Those who currently use the D-Link DIR-859 Wi-Fi router should replace it witha new router.

If you’re on a budget, I suggest theASUS RT-AX1800S.

Whatever router you choose, be sure to set it up with a brand new username and password.

The username and password associated with your D-Link DIR-859 router may have been compromised.