• This critical severity flaw in D-Link DSL gateway devices could a

    From TechnologyDaily@1337:1/100 to All on Wed Jan 7 15:30:08 2026
    This critical severity flaw in D-Link DSL gateway devices could allow for remote code execution

    Date:
    Wed, 07 Jan 2026 15:15:00 +0000

    Description:
    Users are advised to replace outdated gear to avoid being targeted.

    FULL STORY ======================================================================
    - CVE-2026-0625, a critical command injection flaw (9.3/10), is being actively exploited in legacy D-Link gateway routers
    - Vulnerable models include DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B, with attacks observed since November 2025
    - Researchers urge replacing unsupported devices, as compromised routers can enable RCE, credential theft, ransomware, and botnet activity

    D-Link has confirmed that some of its gateway routers, which reached end-of-life (EoL) status years ago, are being exploited in the wild.

    Earlier this week, security researchers from VulnCheck announced finding a command injection vulnerability due to improper sanitization of user-supplied DNS configuration parameters. The bug is tracked as CVE-2026-0625 and has a severity score of 9.3/10 (critical).
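
    The root cause VulnCheck describes, improper sanitization of user-supplied DNS configuration parameters, is avoided by parsing the field as an address and never handing the raw string to a shell. The following C code is an added example, not D-Link's firmware code or code from the article; the function names and the resolv.conf-style output are assumptions.

```c
/* Added example: strict handling of a user-supplied DNS server field.
 * Function names and the resolv.conf-style output are assumptions. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse `in` as dotted-quad IPv4 and write the canonical form to `out`.
 * Returns 0 on success, -1 if it is not a usable resolver address. */
int parse_dns_server(const char *in, char out[INET_ADDRSTRLEN])
{
    struct in_addr a;
    if (in == NULL || strlen(in) >= INET_ADDRSTRLEN)
        return -1;                       /* bound length before parsing */
    if (inet_pton(AF_INET, in, &a) != 1)
        return -1;                       /* rejects ';', '$', spaces, names */
    uint32_t h = ntohl(a.s_addr);
    if (h == 0 || h == 0xFFFFFFFFu || (h >> 28) == 0xE)
        return -1;                       /* 0.0.0.0, broadcast, multicast */
    /* Re-serialise from the parsed binary value, never echo the input. */
    return inet_ntop(AF_INET, &a, out, INET_ADDRSTRLEN) ? 0 : -1;
}

/* Build resolver config text from two form fields (secondary may be
 * empty). All-or-nothing, and no shell is involved: the caller writes
 * `conf` to the file directly. Returns bytes written, or -1. */
int build_resolver_conf(const char *primary, const char *secondary,
                        char *conf, size_t n)
{
    char p[INET_ADDRSTRLEN], s[INET_ADDRSTRLEN];
    int len;
    if (parse_dns_server(primary, p) != 0)
        return -1;
    if (secondary == NULL || secondary[0] == '\0')
        len = snprintf(conf, n, "nameserver %s\n", p);
    else if (parse_dns_server(secondary, s) == 0)
        len = snprintf(conf, n, "nameserver %s\nnameserver %s\n", p, s);
    else
        return -1;
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

int main(void)
{
    char conf[64];   /* constructed sample input: documentation addresses */
    int n = build_resolver_conf("192.0.2.53", "198.51.100.7", conf, sizeof conf);
    if (n > 0) fputs(conf, stdout);
    return n > 0 ? 0 : 1;
}
```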

    The flaw allows unauthenticated threat actors to inject and execute arbitrary shell commands remotely, which opens the door to a myriad of different attack types.

    Replacing outdated gear

    "The affected endpoint is also associated with unauthenticated DNS modification ('DNSChanger') behavior documented by D-Link, which reported active exploitation campaigns targeting firmware variants of the DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B models from 2016 through 2019," VulnCheck said in its advisory.

    It also said that the Shadowserver Foundation found evidence of attacks dating back to November 27, 2025.

    Responding to the findings, D-Link said it was looking into the matter and added that it is difficult to determine all of the models affected, given how firmware is implemented across product generations. It said it would release a full list of affected models soon.

    "Current analysis shows no reliable model number detection method beyond direct firmware inspection," D-Link said. "For this reason, D-Link is validating firmware builds across legacy and supported platforms as part of the investigation."

    Currently, there is no information about the attackers, or about potential victims. Security researchers are urging users to replace unsupported devices with newer models, to keep them updated with the latest patches, and to defend their premises with firewalls, passwords, and multi-factor authentication (MFA) wherever possible.

    In an SMB environment, a gateway router vulnerable to RCE lets attackers take full control of the network's entry point. They can intercept and redirect traffic, steal credentials, deploy malware, and spy on internal communications. From the router, threat actors can move into internal systems, scan for vulnerable servers or endpoints, launch ransomware, or create a persistent backdoor.

    Such routers are also sometimes used as botnet nodes, proxies, and C2 infrastructure.

    Via The Hacker News




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-critical-severity-flaw-in-d-link-dsl-gateway-devices-could-allow-for-remote-code-execution


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)