A highly critical Remote Code Execution (RCE) vulnerability found in legacy D-Link DSL gateway routers is currently under active exploitation in the wild. This situation highlights the general carelessness regarding security management across Internet-connected devices and poses a threat that cannot be ignored when safeguarding the contemporary digital ecosystem, especially the foundation of Web3.0.
The flaw is tracked as CVE-2026-0625 and carries a CVSS score of 9.3 (Critical), which indicates a severe defect that destabilizes the core functionality of the device. Specifically, it is a command injection in the `dnscfg.cgi` endpoint, arising from improper input validation (sanitization) of user-supplied DNS configuration parameters.
Exploiting this design flaw allows an unauthenticated, remote attacker to inject crafted commands into the device, consequently enabling them to seize control of the system. The abandonment of legacy equipment post-end-of-life support constitutes a clear weak link in the overall network security chain, potentially undermining the decentralized security model emphasized in the Web3.0 environment. Users are urged to immediately cease using the affected devices or implement all possible mitigation measures.
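For defenders who have access logs from a proxy or gateway in front of such a device, the check below flags requests to `dnscfg.cgi` whose DNS parameters are not plain IP addresses. It is an added example, not code from D-Link or from this article; the log format, the parameter names (`dns1`, `dns2`, `refresh`) and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; dns1, dns2 and refresh are hypothetical names.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2026:00:00:01 +0000] '
    '"GET /dnscfg.cgi?dns1=192.0.2.53&dns2=192.0.2.54&refresh=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:00:00:02 +0000] '
    '"GET /dnscfg.cgi?dns1=192.0.2.53%3BPLACEHOLDER&dns2=192.0.2.54 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:00:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def is_ip(value):
    """True only if value is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def suspicious_params(line):
    """Names of dnscfg.cgi parameters whose decoded value is neither an IP
    literal nor a short integer flag; [] for unrelated or clean requests."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    path, _, query = m.group("target").partition("?")
    if not path.lower().endswith("/dnscfg.cgi"):
        return []
    # parse_qsl percent-decodes, so encoded metacharacters are checked too.
    return [name for name, value in parse_qsl(query)
            if not (is_ip(value) or re.fullmatch(r"\d{1,3}", value))]

def scan(lines):
    """Return (line_number, client, parameter_names) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        names = suspicious_params(line)
        if names:
            hits.append((number, line.split()[0], names))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the flaw is reachable without authentication, any request to this endpoint from outside the management network deserves review even when its parameters pass the check.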

