D-Link Legacy Routers Hit by Critical RCE

A critical remote code execution flaw is actively hitting a number of D-Link legacy routers, exposing users to serious cyber threats. Attackers are exploiting a vulnerability identified as CVE-2026-0625, which carries a CVSS score of 9.3. The flaw stems from improper input sanitization on the routers’ ‘dnscfg.cgi’ endpoint, allowing unauthenticated remote actors to inject system-level commands via DNS configuration parameters.

Security researchers report that the attacks are already occurring in the wild, targeting outdated D-Link DSL gateway models that no longer receive firmware updates. These devices remain prevalent in some home and small business networks, increasing the urgency for mitigation. D-Link has yet to release a patch, and affected users are advised to disconnect vulnerable devices and upgrade to supported models as soon as possible.

This wave of exploitation against D-Link legacy routers highlights the persistent risks posed by unmaintained hardware.

Read the full article at:
https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html