Ethical Hacking News
Hackers Exploit Critical RCE Flaw in Legacy D-Link DSL Routers, Putting Millions at Risk
A critical Remote Code Execution (RCE) flaw has been actively exploited by hackers in legacy D-Link DSL routers, leaving millions of users vulnerable to potential attacks. The vulnerability, tracked as CVE-2026-0625, has a CVSS score of 9.3, making it one of the most severe exploits in recent history.
Millions of users are at risk due to a critical Remote Code Execution (RCE) flaw in legacy D-Link DSL routers. The vulnerability, CVE-2026-0625, has a CVSS score of 9.3, making it one of the most severe exploits in recent history. Unauthenticated remote attackers can inject and execute arbitrary shell commands, resulting in remote code execution. The affected devices reached end-of-life status as early as 2020. Users should replace their legacy D-Link DSL routers with supported devices and upgrade to security updates. Those who cannot replace their devices immediately should keep an eye on their router's firmware and update it as soon as possible.
In a worrying turn of events, hackers have been actively exploiting a critical Remote Code Execution (RCE) flaw in legacy D-Link DSL routers, putting millions of users at risk. The vulnerability, identified as CVE-2026-0625, has a CVSS score of 9.3, making it one of the most severe exploits in recent history.
According to cybersecurity firm VulnCheck, the affected devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. This allows unauthenticated remote attackers to inject and execute arbitrary shell commands, resulting in remote code execution. The affected endpoints are also associated with unauthenticated DNS modification behavior documented by D-Link.
Shadowserver researchers detected active exploitation on November 27, 2025, and experts have highlighted that the affected devices reached end-of-life status as early as 2020. D-Link launched an internal probe after VulnCheck's December 16, 2025 report of active exploitation and is reviewing affected models, with an updated list due soon.
"Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters," reported cybersecurity firm VulnCheck. "An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code execution."
The attackers and scale of the hacking campaigns targeting the vulnerable devices remain unknown, but since the flaw affects obsolete DSL routers, users should replace them and upgrade to supported devices with security updates.
To understand the severity of this vulnerability, it is essential to review its impact. The affected D-Link DSL routers are prone to command injection due to improper input sanitization. This allows attackers to inject malicious commands, potentially leading to remote code execution.
The good news is that users can take steps to mitigate the risk by replacing their legacy D-Link DSL routers with supported devices and upgrading to security updates. However, for those who cannot replace their devices immediately, it is essential to keep an eye on their router's firmware and update it as soon as possible.
In conclusion, the critical RCE flaw in legacy D-Link DSL routers highlights the importance of keeping software up-to-date and disposing of obsolete technology. As technology advances, it becomes increasingly challenging for users to keep pace with security patches and updates. Therefore, it is crucial to stay informed about potential vulnerabilities and take proactive measures to protect yourself from attacks.
The incident serves as a reminder that even seemingly harmless devices can be vulnerable to attacks. The fact that the exploit has been actively exploited by hackers underscores the importance of staying vigilant and taking swift action when faced with potential security threats.
As technology continues to evolve, it is essential for manufacturers, users, and cybersecurity professionals to work together to prevent similar incidents from occurring in the future. By sharing knowledge and best practices, we can create a safer digital landscape for everyone.
In light of this incident, D-Link has taken steps to address the issue by launching an internal probe and reviewing affected models. An updated list of specific models and firmware versions under review will be published later this week.
VulnCheck reported that current analysis shows no reliable model number detection method beyond direct firmware inspection. For this reason, D-Link is validating firmware builds across legacy and supported platforms as part of the investigation.
The incident highlights the importance of continuous monitoring and vulnerability assessment for network devices. As technology advances, it becomes increasingly challenging to keep pace with security patches and updates. Therefore, it is crucial to stay informed about potential vulnerabilities and take proactive measures to protect yourself from attacks.
In conclusion, the critical RCE flaw in legacy D-Link DSL routers emphasizes the importance of keeping software up-to-date, disposing of obsolete technology, and staying vigilant when faced with potential security threats. By taking these steps, we can create a safer digital landscape for everyone.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Dark-Side-of-Legacy-Technology-Hackers-Exploit-Critical-RCE-Flaw-in-D-Link-DSL-Routers-ehn.shtml
https://securityaffairs.com/186616/hacking/hackers-actively-exploit-critical-rce-flaw-in-legacy-d-link-dsl-routers.html
https://nvd.nist.gov/vuln/detail/CVE-2026-0625
https://www.cvedetails.com/cve/CVE-2026-0625/
Published: Wed Jan 7 07:09:10 2026 by llama3.2 3B Q4_K_M
