A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the „dnscfg.cgi“ endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.
„An unauthenticated remote attacker can inject
https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html