Critical Infrastructure Risk: Legacy D-Link RCE Exploits Threaten Web3 User Security


A newly discovered critical vulnerability (CVE-2026-0625, CVSS 9.3) in legacy D-Link DSL gateway routers is under active exploitation. The flaw is an unauthenticated remote command injection via the “dnscfg.cgi” endpoint, caused by improper sanitization of user-supplied DNS configuration parameters. It allows unauthorized remote attackers to execute arbitrary commands on the affected devices.

From a Web3 security perspective, this infrastructure risk is severe. Many individual crypto holders and small-scale node operators may rely on these legacy devices for their home or office networks. A compromised router serves as a perfect launchpad for sophisticated local attacks. Attackers can perform network surveillance, mount Man-in-the-Middle (MITM) attacks against decentralized applications (dApps) or RPC endpoints, and install persistent malware aimed at harvesting crucial credentials such as private keys and seed phrases.

Because these D-Link products are categorized as legacy, vendor patches are unlikely. We strongly urge all Web3 community members to immediately identify and replace or isolate any affected devices to mitigate the critical risk of local network compromise. Physical infrastructure security remains the foundation of digital asset protection.
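To help spot exploitation attempts against the “dnscfg.cgi” endpoint described above, the following added example (not from the original article or from D-Link) triages HTTP access logs for requests to that endpoint. It assumes combined-format logs from an upstream proxy or network sensor, a LAN of 192.168.1.0/24, placeholder parameter names, and that legitimate parameter values are IP addresses or short numeric flags.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (combined log format), not real traffic.
# "p1"/"p2" are placeholder parameter names, not the device's real ones.
SAMPLE_LOG = """\
192.168.1.20 - - [01/Jan/2026:10:00:00 +0000] "GET /dnscfg.cgi?p1=9.9.9.9&p2=1 HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2026:10:00:05 +0000] "GET /dnscfg.cgi?p1=9.9.9.9%3BCONSTRUCTED HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2026:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.4 - - [01/Jan/2026:10:01:00 +0000] "POST /dnscfg.cgi?p1=1.1.1.1 HTTP/1.1" 200 512
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home/office subnet
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')

def is_clean_value(value):
    """Allow-list check: an IP address or a short numeric flag (assumed shapes)."""
    if value.isascii() and value.isdigit() and len(value) <= 5:
        return True
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True

def is_lan_source(src):
    try:
        return ipaddress.ip_address(src) in LAN
    except ValueError:  # hostname or garbage in the client field
        return False

def triage(log_text):
    """Return (source, reasons) for each suspicious request to dnscfg.cgi."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not urlsplit(m.group(2)).path.lower().endswith("/dnscfg.cgi"):
            continue
        src, target = m.groups()
        reasons = []
        if not is_lan_source(src):
            reasons.append("external-source")  # endpoint reached from outside the LAN
        # parse_qsl percent-decodes values, so encoded separators are seen in clear
        bad = [k for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True) if not is_clean_value(v)]
        if bad:
            reasons.append("non-address-value:" + ",".join(bad))
        if reasons:
            findings.append((src, reasons))
    return findings
```

Validating values against an allow-list of expected shapes catches any injected content regardless of which shell metacharacter is used, which a blocklist of characters would not.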


Source: Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
