[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:arystinger-botnet-infected-thousands-of-d-link-routers-worldwide-mqpnbcoa":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":15,"action_required":20,"article_ids":21,"ioc_summary":23,"source_urls":24,"status":26,"expires_at":27,"created_at":28,"updated_at":29,"articles":30},"54d9a690-6f40-45e8-ba52-460d961e1c0f","AryStinger botnet infected thousands of D-Link routers worldwide","arystinger-botnet-infected-thousands-of-d-link-routers-worldwide-mqpnbcoa","AryStinger botnet has compromised 4,000+ D-Link routers (DIR-850L, DIR-818LW) worldwide by exploiting known vulnerabilities, converting them into remote proxies for scanning, tunneling, and command execution. Attackers can modify DNS settings to hijack traffic and monitor network activity. Infections are concentrated in Asia but pose global risk to organizations using affected models.","critical","advisory",[12,13,14],"CVE-2013-3307","CVE-2016-5681","CVE-2025-11837",[16,17,18,19],"D-Link","D-Link DIR-850L","D-Link DIR-818LW","Qianxin","Immediately identify and inventory all D-Link DIR-850L and DIR-818LW routers on your network. Patch to latest firmware or isolate\u002Freplace affected devices. Check firewall and DNS logs for anomalous proxy activity or DNS hijacking indicators.",[22],"daf056d7-4e2e-43b6-9c63-b150889e3cbb",null,[25],"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Farystinger-botnet-infected-thousands-of-d-link-routers-worldwide\u002F","active","2026-06-24T20:06:00.26+00:00","2026-06-22T20:06:06.132102+00:00","2026-06-22T20:08:45.590807+00:00",[31],{"id":22,"title":6,"url":25}]