New Command Injection in Legacy D-Link DSL Routers
⚠An unauthenticated command injection (CVE-2026-0625) in dnscfg.cgi allows remote shell execution on multiple legacy D-Link DSL gateway routers. VulnCheck reported the issue to D-Link after The Shadowserver Foundation observed an exploitation attempt on a honeypot on December 15. Confirmed affected models (DSL-526B, DSL-2640B, DSL-2740R, DSL-2780B) are End-of-Life and will not receive patches. D-Link advises retiring affected devices or isolating them in segmented non-critical networks and applying restrictive security settings.
