A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the « dnscfg.cgi » endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.
« An unauthenticated remote attacker can inject
