FBI Warning: Your Old Wi-Fi Router Could Be Compromised — Here’s What to Do

By 5G Router
FBI Warning: Your Old Wi-Fi Router Could Be Compromised

If you’re still running a Wi-Fi router from the late 2000s or early 2010s, the FBI wants you to know: your network may already be compromised. In a FLASH bulletin originally issued in May 2025 — and still very much relevant today — the Bureau warned that cybercriminals are actively exploiting end-of-life routers to install malware, build botnets, and sell proxy access to other criminals.

This isn’t a theoretical risk. The FBI confirmed that these attacks are happening right now, and the affected devices are ones that many homes and small businesses may still have plugged in and running.

What Does “End-of-Life” Mean for Your Router?

When a router reaches end-of-life (EOL) status, the manufacturer stops releasing firmware updates and security patches. That means any vulnerabilities discovered after that date will never be fixed. For cybercriminals, these devices are low-hanging fruit — they have known, documented security flaws and no way to be patched.

The FBI specifically called out routers dated 2010 or earlier as being at high risk, though some models from as late as 2011 are also on the list.

Which Routers Are Affected?

The FBI named 13 specific Linksys models (many originally sold under the Cisco brand) as being actively targeted:

  • Linksys E1200
  • Linksys E2500
  • Linksys E1000
  • Linksys E4200
  • Linksys E1500
  • Linksys E300
  • Linksys E3200
  • Linksys WRT320N
  • Linksys E1550
  • Linksys WRT610N
  • Linksys E100
  • Linksys M10
  • Linksys WRT310N

If you recognize any of these model numbers on your current router, it’s time for an upgrade.

How the Attack Works

The malware involved — a variant of TheMoon, which has been circulating since 2014 — targets routers that have remote administration enabled. Here’s how the attack chain plays out:

  1. Scanning: Attackers scan the internet for EOL routers with exposed remote management interfaces.
  2. Exploitation: They exploit known, unpatched vulnerabilities to gain root access to the device.
  3. Malware installation: TheMoon malware is uploaded directly onto the router’s operating system.
  4. Command & control: The infected router checks in with a command-and-control server as frequently as every 60 seconds.
  5. Proxy conversion: The router is converted into a proxy server, and access is sold to other criminals through services like 5Socks and Anyproxy (both of which have since been seized by law enforcement).

The particularly dangerous aspect of this attack is that it’s almost invisible. Traditional antivirus software doesn’t scan routers. Since the malware lives on the router itself — not on your computer or phone — it can operate undetected for months or even years. Meanwhile, criminals can use your home or business IP address to mask their own illegal activity.

What You Should Do Right Now

The FBI recommends the following steps:

1. Check your router model. If it’s on the list above, or if it’s a router from 2010 or earlier that no longer receives firmware updates, replace it immediately.

2. Disable remote administration. Log into your router’s settings and turn off remote management/remote administration. Save the change and reboot the router.

3. Update firmware. If your router is still supported, make sure you’re running the latest firmware version.

4. Use strong passwords. The FBI recommends unique, random passwords between 16 and 64 characters for your router’s admin panel.

5. Reboot your router. If you suspect suspicious activity, update firmware, change your password, and reboot.

6. Report incidents. If you believe your router has been compromised, file a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov.

Why This Matters for Businesses

This warning isn’t just for home users. Small businesses that are still running older consumer-grade routers are especially vulnerable. As one security expert noted, many small businesses don’t have a dedicated firewall, and a compromised router could be the entry point for ransomware attacks or data breaches.

If your business relies on its internet connection — and in 2026, whose doesn’t? — running an unsupported router is a risk you simply can’t afford to take.

Time to Upgrade Your Network

If this FBI warning has you thinking about replacing aging network equipment, now is the perfect time. Modern routers and cellular gateways offer dramatically better security, faster speeds, and ongoing firmware support from manufacturers.

At 5Gstore.com, we carry a full range of enterprise-grade and consumer-friendly networking equipment from trusted brands like PeplinkCradlepointDigiInseego, and Teltonika — all of which receive regular security updates and active manufacturer support.

Whether you need a simple plug-and-play replacement for a home router or a robust cellular failover solution for your business, our team can help you find the right fit. Don’t wait until your network is compromised — browse our routers and gateways today.

Have questions about whether your current router is still supported? Give us a call or chat with our team — we’re happy to help you figure out your best upgrade path.

Related posts:

  1. KadNap Botnet Is Hijacking Routers: Is Yours at Risk?
  2. FBI: Malware Infecting Outdated / EOL Routers, Is Yours on the List?
  3. Why Using DNS to Block Malware is a Must-Have for Network Security: Benefits and How to Implement
  4. ASUS Routers Compromised: Models Impacted and How to Check If Your Device Is Infected
,