10/69 Thursday, January 8, 2026
A critical security vulnerability, CVE-2026-0625, has been identified in several legacy D-Link router models that have already reached End-of-Life (EoL). The vulnerability is a Command Injection flaw in a CGI library, specifically at the dnscfg.cgi endpoint, caused by insufficient input validation. This flaw allows unauthenticated attackers to execute arbitrary commands remotely (Remote Code Execution) via DNS configuration parameters. Cybersecurity experts have confirmed that threat actors are already actively exploiting this vulnerability in real-world attacks.
Joint investigations by D-Link and VulnCheck confirmed that the affected devices include the DSL-526B, DSL-2640B, DSL-2740R, and DSL-2780B models. All of these products were discontinued and officially unsupported as of 2020. As a result, D-Link has explicitly stated that no firmware updates or security patches will be released to address this vulnerability. The company is also conducting further assessments to determine whether additional models may be affected, noting that the complexity of firmware architectures makes comprehensive analysis difficult without direct code-level inspection.
Regarding mitigation, this vulnerability is commonly exploited when remote administration is enabled or through browser-based attacks targeting the router’s management interface. Both D-Link and security experts strongly recommend that users who are still operating the affected models immediately discontinue use and replace them with newer, supported devices. Continuing to use End-of-Life hardware poses significant security risks due to the absence of maintenance and security updates to address emerging threats. If you or your organization are still using any of the listed legacy D-Link routers, you are strongly advised to verify the device model immediately and plan for prompt replacement to ensure adequate security.
