Critical RCE Vulnerability (CVSS 9.3) Actively Exploited in Legacy D-Link DSL Routers

A highly critical vulnerability has been discovered in legacy D-Link DSL gateway routers, and active exploitation in the wild is currently confirmed. This vulnerability, tracked as CVE-2026-0625, is rated with a CVSS score of 9.3, placing it in the Critical severity category. The flaw concerns a command injection vulnerability within the “dnscfg.cgi” endpoint, resulting from inadequate sanitization of user-supplied DNS configuration parameters. Consequently, even an unauthenticated remote attacker can exploit this vulnerability to inject arbitrary code and potentially seize control of the router. Vulnerabilities in internet-connected devices pose a significant risk, often leveraged for botnet formation or as an initial foothold for broader network penetration. Users of affected devices must take immediate action to mitigate the risk.
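
A defensive check for the flaw described above, as an added example that is not part of the original article or any D-Link code: it scans web access log lines for requests to dnscfg.cgi whose parameter values are not plain IP addresses. The parameter names `dnsPrimary` and `dnsSecondary`, the log format and the sample lines are assumptions constructed for illustration; the article does not name the parameters.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "dnscfg.cgi"                       # endpoint named in the article
DNS_FIELDS = {"dnsPrimary", "dnsSecondary"}   # assumed parameter names (hypothetical)
SAFE_VALUE = re.compile(r"[A-Za-z0-9._:-]*")  # conservative allowlist for other values
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_ip(value):
    """True only for a strict IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def suspicious_params(url):
    """Return (name, decoded value) pairs that fail validation for one request URL."""
    parts = urlsplit(url)
    if not parts.path.endswith("/" + ENDPOINT):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # DNS server fields must be IP literals; everything else must match the allowlist.
        ok = is_ip(value) if name in DNS_FIELDS else bool(SAFE_VALUE.fullmatch(value))
        if not ok:
            hits.append((name, value))
    return hits

def scan(lines):
    """Yield (client, hits) for each log line with a flagged dnscfg.cgi request."""
    for line in lines:
        m = REQUEST.match(line)
        if m:
            hits = suspicious_params(m.group(2))
            if hits:
                yield m.group(1), hits

# Constructed sample log lines (documentation addresses, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /dnscfg.cgi?dnsPrimary=9.9.9.9&dnsSecondary=1.1.1.1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "GET /dnscfg.cgi?dnsPrimary=9.9.9.9%3Becho%20test&dnsSecondary=1.1.1.1 HTTP/1.1" 200 0',
    '198.51.100.4 - - [01/Jan/2026:10:00:09 +0000] "GET /index.html?q=a%3Bb HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

Parameters sent in a POST body do not appear in an access log, so this check only covers values carried in the request URL. Any request to the endpoint from an external address is worth reviewing on its own, flagged or not.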