Reports confirm ongoing, active exploitation of a critical Remote Code Execution (RCE) vulnerability (CVE-2026-0625, CVSS 9.3) affecting legacy D-Link DSL gateway routers. The flaw stems from a command injection vulnerability within the ‘dnscfg.cgi’ endpoint. Specifically, improper sanitization of user-supplied DNS configuration parameters allows an unauthenticated remote attacker to inject and execute arbitrary commands. While Web3 infrastructure often focuses on smart contract integrity, this incident serves as a stark reminder that the foundational perimeter—the network edge—remains a critical point of failure. Devices nearing End-of-Life (EoL) or lacking consistent patching cycles are prime targets for initial access vectors. Users and enterprises must immediately audit their network assets, prioritize the replacement or isolation of EoL hardware, and enforce strict input validation standards across all services, regardless of perceived legacy status.
Source: Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
コメント