As detailed in The Hacker News, a critical security flaw, CVE-2026-0625, affecting legacy D-Link DSL gateway routers, is currently being exploited in the wild. This vulnerability carries a CVSS score of 9.3 and allows for command injection through the "dnscfg.cgi" endpoint due to inadequate sanitization of DNS configuration parameters.The flaw enables unauthenticated remote attackers to inject and execute arbitrary shell commands, leading to remote code execution. VulnCheck reported that exploitation campaigns have targeted firmware variants of D-Link models DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B. These attacks were observed by the Shadowserver Foundation on November 27, 2025. Many of the affected devices have reached their end-of-life status since early 2020, making them unpatchable. D-Link has initiated an investigation and is working to identify all affected products, acknowledging complexities due to firmware variations.The exploitation of CVE-2026-0625 highlights the significant risks associated with using end-of-life network devices. These unpatched routers can be hijacked to redirect or intercept traffic, compromising all devices on the network. Organizations still operating these legacy D-Link models face elevated operational risks and should prioritize upgrading to actively supported devices that receive regular security updates to mitigate potential widespread DNS hijacking and data breaches.Source: The Hacker News
Network Security, IoT, Vulnerability Management
Critical D-Link DSL gateway vulnerability actively exploited

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



