A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.
"An unauthenticated remote attacker can inject

Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.