Quote:D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code.
 
The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet’s FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers).