Critical D-Link RCE (CVE-2026-0625) Under Active Exploitation: The Hidden Threat to Web3 Infrastructure


A newly discovered critical security flaw in legacy D-Link DSL gateway routers, tracked as CVE-2026-0625 (CVSS score: 9.3), is under active exploitation in the wild. The flaw is a command injection in the ‘dnscfg.cgi’ endpoint, caused by improper sanitization of user-supplied DNS configuration parameters. It allows an unauthenticated remote attacker to inject arbitrary commands, leading to full remote code execution (RCE) on the affected device.
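For defenders who log HTTP traffic in front of such a device (a reverse proxy or network sensor), the following added example, which is not from D-Link or the source article, flags requests to ‘dnscfg.cgi’ whose parameter values contain characters a DNS server address never needs. The log format, the sample lines and the parameter names dns1/dns2 are constructed assumptions, and only query-string parameters are covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy/sensor log lines in combined-log style. The parameter
# names dns1/dns2 are hypothetical; the article does not list the real ones.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Jan/2026:10:00:01 +0000] "GET /dnscfg.cgi?dns1=198.51.100.1&dns2=198.51.100.2 HTTP/1.1" 200 512
203.0.113.7 - - [06/Jan/2026:10:00:05 +0000] "GET /dnscfg.cgi?dns1=198.51.100.1%3BPLACEHOLDER&dns2=198.51.100.2 HTTP/1.1" 200 0
192.0.2.10 - - [06/Jan/2026:10:00:09 +0000] "GET /index.html?q=a%3Bb HTTP/1.1" 200 1024
"""

# source address, then the quoted request line: method, target, protocol
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

# Allowlist: characters sufficient for IPv4/IPv6 addresses and simple tokens.
# Anything else (separators, quotes, whitespace, $, backticks) is flagged.
SAFE_VALUE = re.compile(r"[A-Za-z0-9.:_-]*")


def suspicious_requests(log_text, endpoint="dnscfg.cgi"):
    """Return one finding per request to `endpoint` with an unsafe parameter value."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        src, method, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + endpoint):
            continue  # only the endpoint named in the advisory
        # parse_qsl percent-decodes values, so encoded metacharacters are caught
        bad = [(name, value)
               for name, value in parse_qsl(url.query, keep_blank_values=True)
               if not SAFE_VALUE.fullmatch(value)]
        if bad:
            findings.append({"src": src, "method": method, "params": bad})
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in access logs, so a sensor that records request bodies is needed to apply the same check there.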

For the Web3 security community, this incident underscores the persistent threat posed by traditional network-layer vulnerabilities. A compromised router gives attackers a persistent beachhead inside the local network, which they can use for lateral movement. From there they can target machines holding sensitive crypto assets such as private keys, development environments for smart contracts, or infrastructure running validator nodes. Foundational network and hardware security must therefore remain paramount in any strategy for protecting digital assets. Users relying on these legacy D-Link devices must take immediate action to patch, isolate, or replace the hardware to mitigate the substantial risk to their local Web3 operations.


Source: Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
