A newly discovered critical security flaw in legacy D-Link DSL
gateway routers has come under active exploitation in the wild. The
vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns
a case of command injection in the "dnscfg.cgi" endpoint that
arises as a result of improper sanitization of user-supplied DNS
configuration parameters. "An unauthenticated remote attacker can
inject
Read more https://thehackernews.com/2026/01/active-exploitation-hits-legacy-d-link.html
