In various articles, it was confirmed that various D-Link Routers are susceptible to a Zero-day vulnerability that allows an attacker to gain full access.
The D-Link router models are the DSR-150, DSR-250, DSR-500 and the DSR-1000AC that are running firmware version 3.14 and 3.17.
Consequently, a remote, unauthenticated attacker with access to the router’s web interface could execute arbitrary commands as root, effectively gaining complete control of the router. With this access, an attacker could intercept and/or modify traffic, cause denial of service conditions and launch further attacks on other assets. D-Link routers can connect up to 15 other devices simultaneously.
These devices are still for sale on Amazon and other on-line stores.
D-link has come out with a patch and advisory
Read similar articles here: