Critical RCE Vulnerability in Legacy D-Link DSL Routers Under Active Exploitation (CVE-2026-0625)

A highly critical Remote Code Execution (RCE) vulnerability has been identified in legacy D-Link DSL gateway routers, and active exploitation of this flaw is currently underway in the wild. This vulnerability, tracked as CVE-2026-0625, carries a severe CVSS score of 9.3. The root cause is a command injection issue within the router’s “dnscfg.cgi” endpoint, resulting from improper sanitization of user-supplied DNS configuration parameters. Consequently, an unauthenticated remote attacker can inject and execute arbitrary commands on the device. Since D-Link has likely ceased support for these older models, patches may not be provided. Users operating these devices are strongly advised to immediately isolate them from the network or replace them entirely. Attackers often leverage this type of infrastructure vulnerability to find intrusion vectors into the broader Web3 ecosystem, necessitating immediate attention.