End-of-life D-Link DIR-850L and related routers are actively exploited in the AryStinger botnet campaign via CVE-2016-5681, a 2016-era authentication bypass vulnerability. No vendor patch is available for end-of-life hardware. Any D-Link DIR-850L in service should be treated as a confirmed compromise risk and replaced immediately.