Threat actors are exploiting a command injection vulnerability, CVE-2026-0625, in outdated D-Link DSL routers to execute remote commands. The flaw impacts unsupported models, emphasizing the importance of replacing end-of-life devices and applying security best practices. #CVE-2026-0625 #D-LinkDSLrouters
Keypoints
- The vulnerability affects multiple legacy D-Link DSL gateway routers with no available firmware updates.
- Exploitation allows remote code execution through improper input sanitization in the dnscfg.cgi endpoint.
- Most affected devices have been out of support since 2020 and are recommended to be retired.
- D-Link is actively investigating whether other models are impacted by the vulnerability.
- Users are advised to replace unsupported devices and restrict network access to prevent attacks.