Overview
D-Link is aware of public security reporting concerning a botnet referred to as AryStinger. The public reporting states that the activity has been observed against older router devices, including certain D-Link legacy router models that are no longer in active support. D-Link is providing this notice to help customers understand product lifecycle status and recommended next steps.
The products listed below have reached End of Support / End of Life status under D-Link's product lifecycle. These products are no longer in active firmware development and are not recommended for continued use as primary network devices in modern home or business environments.
D-Link keeps final available documentation, firmware, and software resources in the legacy archive as a convenience for existing owners. The availability of archive materials does not mean the product is actively supported, updated, or recommended for continued use.
Today's networks face different security, privacy, compatibility, and performance requirements than when many legacy products were originally released. For that reason, D-Link strongly recommends that customers retire and replace legacy network products with currently supported products that receive firmware updates and active lifecycle support.
We appreciate the trust customers have placed in D-Link products over the years. Preserving access to historical materials is part of that commitment, but replacing unsupported network devices is the best path to help protect a home or business network.
3rd Party Report
QiAnXin XLab published an AryStinger analysis on June 17, 2026. The report states that the campaign targets router devices based on RTL819x-series chips, whose mainstream active period was concentrated around 2012 to 2015. The report states that attackers used older disclosed vulnerabilities to compromise legacy router devices and turn them into infrastructure for scanning, proxying, tunneling, command execution, and related attacker-directed activity.[1]
BleepingComputer published a related article on June 21, 2026, summarizing the XLab findings and reporting that AryStinger had compromised more than 4,000 outdated routers worldwide. The article identifies DIR-850L and DIR-818LW as primary D-Link models referenced in the public report.[2]
Affected Models
|
Model
|
Public report reference
|
Scope / revision
|
EOL / EOS date
|
Legacy archive
|
Recommended customer guidance
|
|
DIR-850L
|
Referenced by XLab and BleepingComputer
|
All Regions; confirm final H/W revision scope
|
08/31/2018
|
Yes
|
Retire and replace with a currently supported product.
|
|
DIR-818LW / DIR-818L family
|
Referenced by XLab; exact suffix should be confirmed
|
All Regions / Non-US variants may differ
|
05/01/2017 for DIR-818LW; other variants vary
|
Yes
|
Use precise model suffix in final notice; retire and replace.
|
|
DIR-816L
|
Referenced by XLab in grouped model list
|
All Regions; confirm final H/W revision scope
|
03/01/2016
|
Yes
|
Retire and replace; archive resources are for owner reference only.
|
|
DIR-817LW
|
Referenced by XLab in grouped model list
|
All Regions; RevA in D-Link record
|
01/31/2018
|
Yes
|
Retire and replace; confirm any DIR-817Lx naming before publication.
|
|
DIR-820L / DIR-820LW
|
Lifecycle review only; not clearly listed in the current XLab table
|
All Regions / Non-US variants may differ
|
11/01/2017 for DIR-820L; 03/01/2016 for DIR-820LW Non-US
|
Yes
|
Include only if the final security review confirms relevance to this notice.
|
|
DWR-118
|
Referenced by XLab in grouped model list
|
Non-US; all series H/W revisions in D-Link US record
|
04/28/2021 in D-Link US record
|
Non US legacy archive
|
Refer customers to the applicable regional D-Link office or service provider.
|
D-Link Legacy Archive
D-Link maintains the US legacy archive at https://legacy.us.dlink.com/ so owners of legacy products can access final available documentation, firmware, and software resources where those materials remain available. D-Link's legacy archive states that resources associated with these products have ceased development, are no longer supported, and that D-Link recommends retiring these products and replacing them with products that receive firmware updates.[3]
Recommended Customer Actions
- · Replace the legacy router with a currently supported networking product that receives firmware updates.
- · If replacement cannot be completed immediately, verify that the device is running the last available firmware for the exact model and hardware revision, where such firmware remains available in the archive.
- · Use a strong, unique administrator password and change any default or reused credentials.
- · Use strong Wi-Fi encryption and a unique wireless password.
- · Disable remote management unless it is required for a specific, controlled use case.
- · Review the network for unusual activity. If compromise is suspected, replace the device and consult qualified cybersecurity support.
Important customer expectation: These steps can reduce exposure while replacement is arranged. They should not be described as a full remediation or a substitute for replacing an unsupported device.
Regional Support and Third-Party Firmware
D-Link US/Canada product lifecycle guidance applies to products supported through D-Link US/Canada channels. Customers outside the United States and Canada should consult the applicable regional D-Link office. Customers who received a device or firmware through an Internet service provider or carrier should contact that provider for product-specific guidance.
D-Link does not test, validate, or support third-party or open-source firmware for these legacy products. Customers who choose to install non-D-Link firmware should understand that D-Link cannot advise on its safety, compatibility, or suitability for their network.
Source References
|
Ref
|
Source
|
Document
|
URL
|
|
[1]
|
QiAnXin XLab
|
More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers
|
Link
|
|
[2]
|
BleepingComputer
|
AryStinger botnet infected thousands of D-Link routers worldwide
|
Link
|
|
[3]
|
D-Link Systems, Inc.
|
D-Link US Legacy Products archive
|
Link
|
|
[4]
|
D-Link US Support Announcement
|
DIR-816L End of Support / End of Life Product
|
Link
|
|
[5]
|
D-Link US Support Announcement
|
DWR-118 / DWR-921 / DWR-925 End-of-Life / End-of-Service
|
Link
|
|
[6]
|
D-Link US Support Announcement
|
Multiple legacy DIR-series products - lifecycle and vulnerability status
|
Link
|