A newly discovered critical security flaw, tracked as CVE-2026-0625 (CVSS score: 9.3), affecting legacy D-Link DSL gateway routers, has been confirmed to be under active exploitation in the wild. This vulnerability involves a case of command injection within the “dnscfg.cgi” endpoint, stemming from the improper sanitization of user-supplied DNS configuration parameters. Critically, an unauthenticated remote attacker can exploit this flaw to inject arbitrary commands, potentially leading to full system compromise (Remote Code Execution).
While Web3 is built on decentralized infrastructure, security vulnerabilities in underlying gateway and home networking devices pose a significant threat by creating pathways for phishing attacks or compromising access to local nodes. We strongly urge users and organizations engaging in Web3 activities to immediately update the firmware of their networking equipment, especially legacy products, and implement robust traditional infrastructure security measures such as network segmentation and Zero Trust principles.
コメント