A newly identified and actively exploited critical vulnerability (CVE-2026-0625, CVSS 9.3) in legacy D-Link DSL gateway routers demands immediate attention from all security practitioners, especially those maintaining infrastructure related to Web3 operations. The flaw is a command injection vulnerability in the “dnscfg.cgi” endpoint: user-supplied DNS configuration parameters are not properly sanitized, which yields remote code execution (RCE). Crucially, an unauthenticated remote attacker can exploit it and gain full control over the compromised device. Although these are traditional networking devices, compromised routers can serve as devastating beachheads for sophisticated attacks, including hosting phishing sites targeting crypto wallets, establishing exit nodes for malicious traffic aimed at decentralized finance (DeFi) protocols, or executing supply chain attacks against developers and node operators. Infrastructure security remains paramount; users operating legacy D-Link equipment must isolate or immediately decommission these devices, as official patches are unlikely for end-of-life hardware.
Source: Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
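
For devices that cannot be decommissioned at once, requests to the endpoint can be triaged from HTTP logs. The following is an added example, not code from D-Link or the source article: it assumes combined-format access logs from a proxy or sensor in front of the router, and the parameter names `dns1`/`dns2` and all log lines are constructed placeholders. It inspects query strings only, not POST bodies.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/dnscfg.cgi"
# Allow-list: characters an IP address, hostname or numeric flag can contain.
SAFE_VALUE = re.compile(r"[A-Za-z0-9.:_-]*")
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, placeholder parameter names).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:00:00:01 +0000] "GET /dnscfg.cgi?dns1=192.0.2.53&dns2=192.0.2.54 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:00:00:02 +0000] "GET /dnscfg.cgi?dns1=192.0.2.53%3Bx HTTP/1.1" 200 0',
    '198.51.100.4 - - [01/Jan/2026:00:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def triage(line):
    """Return None for unrelated lines, else (source, verdict, offending_params)."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith(ENDPOINT):
        return None
    # parse_qsl percent-decodes values, so encoded metacharacters are caught too.
    params = parse_qsl(url.query, keep_blank_values=True)
    bad = [name for name, value in params if not SAFE_VALUE.fullmatch(value)]
    # The flaw needs no authentication, so even a clean-looking hit is reported.
    verdict = "injection-suspect" if bad else "endpoint-access"
    return (m.group("src"), verdict, bad)

def scan(lines):
    """Triage every line and keep only those that touched the endpoint."""
    return [hit for hit in map(triage, lines) if hit is not None]

if __name__ == "__main__":
    for src, verdict, bad in scan(SAMPLE_LOG):
        print(f"{src}\t{verdict}\t{','.join(bad) or '-'}")
```

Any `endpoint-access` hit from outside the management network deserves review, since the page states that no authentication is required.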


