A critical security flaw in legacy D-Link DSL gateway routers is being actively exploited, allowing remote attackers to execute arbitrary commands. The vulnerability affects several models and is associated with DNS modification behavior known as DNSChanger. #CVE-2026-0625 #D-LinkDSLrouters
Keypoints
- The security flaw is a command injection vulnerability in the “dnscfg.cgi” endpoint.
- The flaw impacts models including DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B.
- Exploitation can lead to remote code execution without authentication.
- The vulnerability is linked to DNSChanger behavior and active campaigns since late 2025.
- Some affected devices have been end-of-life since early 2020, complicating mitigation efforts.
Read More: https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html