Posted by Austin – January 12, 2026
TL;DR: Old D-Link routers are being actively hacked via a critical flaw. D-Link won’t patch them—they’re end-of-life. Check your hardware and replace if affected.
CVE-2026-0625
Hey everyone, Austin here from ForgeGuard IT in Monroe, Wisconsin. As your local cybersecurity partner serving small-to-medium businesses, startups, and entrepreneurs across the state, I’m keeping a close eye on threats that can hit you hardest.
Right now, there’s a critical vulnerability actively being exploited, targeting old D-Link routers and DSL gateways that are still in a lot of offices (and closets). I’ve double-checked the latest from the National Vulnerability Database (NVD), D-Link’s official bulletin, and multiple advisories—this is real, ongoing, and serious.
What’s Happening?
In late 2025 and into 2026, attackers started exploiting a critical remote code execution flaw in end-of-life (EOL) D-Link routers and DSL gateways. The issue is a command injection vulnerability in dnscfg.cgi, which handles DNS settings. Attackers can send malicious requests over the internet—no password needed—to take full control of the device.
- DNS hijacking — redirecting your traffic through attacker-controlled servers
- Data theft — intercepting sensitive business information
- Botnet recruitment — turning your router into part of a larger attack
Because many impacted models are EOL, patches are not available; replacement is recommended.
Which Devices Are Affected?
This hits a range of discontinued D-Link models, especially older DSL modem/router combos and wireless routers. Confirmed impacted product lines include several DSL gateways (e.g., DSL-2740R, DSL-2640B, DSL-2780B, DSL-526B) and some older DIR/DNS devices (e.g., DIR-600/615, DNS-320/325/345) noted across advisories.
Why This Hits Small Businesses Hard
For SMBs, your router is the front door to your entire network. If compromised, every device behind it can be silently redirected to phishing or malware, sensitive data can be intercepted, and you may face compliance risk (HIPAA, cyber insurance). Since these devices are EOL, they’re permanently vulnerable.
What Should You Do Right Now?
- Check your hardware. Look at the label on your router/modem. If it’s one of the affected D-Link models, prioritize replacement.
- Short-term mitigations (while you plan a swap):
- Disable remote administration
- Change default passwords
- Monitor for unusual DNS changes
These reduce risk but don’t eliminate the underlying vulnerability. Replacement remains the safest path.
- Long-term fix. Replace with modern, actively supported equipment that gets regular security updates (ideally with auto-updates).
Our recommended stack for Wisconsin SMBs
At ForgeGuard IT, we specialize in enterprise-grade networking that’s affordable for small businesses. Our go-to stack is Ubiquiti UniFi—reliable Wi-Fi, firewalls, switches, and SD-WAN with strong security and simple management.
We bring boots-on-the-ground service anywhere in Wisconsin (same-day in the south, next-day statewide—no matter the weather).
How ForgeGuard IT Can Help
We’re brutally upfront: if you have one of these vulnerable routers, it’s a real risk. We don’t push unnecessary upsells—we tell you what you actually need.
As part of our flat-rate plans (starting with Essentials at $350 for up to 5 users), we include proactive monitoring, SentinelOne EDR, the Ubiquiti stack, and a monthly plain-English Risk Scorecard so you always know where you stand.
Ready to check your risk and upgrade your network?
ForgeGuard IT delivers transparent, local protection for Wisconsin SMBs—no surprises.
Let’s secure your business like neighbors do.
