Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers
Hackers are exploiting the remote command execution (RCE) vulnerability CVE-2026-0625 in legacy D-Link DSL routers. The vulnerability stems from improper handling of input, which creates a command injection risk. Affected devices include the DSL-2740R and other models; these devices are obsolete, and users are advised to replace them with devices that receive security updates to reduce the risk. 2026-1-7 09:52:4 Author: securityaffairs.com (view original)

Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution.

Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The flaw is an OS command injection (improper neutralization of special elements used in an OS command) in the dnscfg.cgi endpoint, caused by improper input sanitization.

“Multiple D-Link DSL gateway devices contain a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameters. An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code execution.” reported cybersecurity firm VulnCheck. “The affected endpoint is also associated with unauthenticated DNS modification (“DNSChanger”) behavior documented by D-Link, which reported active exploitation campaigns targeting firmware variants of the DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B models from 2016 through 2019.”

Shadowserver researchers detected active exploitation on November 27, 2025. Experts have highlighted that the affected devices reached end-of-life status as early as 2020.
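A defender-side check for the behaviour described above, as an added example that is not from the article, VulnCheck or D-Link: it scans web or proxy access logs for requests to dnscfg.cgi and separates plain DNS-change requests from ones whose parameters carry shell metacharacters. The log format, the parameter names (dns1, dns2) and all sample lines are constructed assumptions.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in common log format; addresses are documentation
# ranges and the parameter names (dns1, dns2) are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [27/Nov/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [27/Nov/2025:10:01:05 +0000] "GET /dnscfg.cgi?dns1=203.0.113.9&dns2=203.0.113.10 HTTP/1.1" 200 128
198.51.100.9 - - [27/Nov/2025:10:02:11 +0000] "GET /dnscfg.cgi?dns1=203.0.113.9%3Bid&dns2=192.0.2.1 HTTP/1.1" 200 128
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that have no place in a DNS server address but matter to a shell.
SHELL_META = set(";|&`$(){}<>\n\r\\'\"")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def classify(line):
    """Return (client, verdict, params) for dnscfg.cgi requests, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/dnscfg.cgi"):
        return None
    params = parse_qsl(url.query, keep_blank_values=True)  # percent-decodes values
    bad = [k for k, v in params if SHELL_META & set(v)]
    if bad:
        return client, "command-injection-attempt", bad
    changed = [k for k, v in params if is_ip(v)]
    if changed:
        return client, "dns-change-request", changed
    return client, "endpoint-probe", []

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, verdict, params in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{','.join(params)}")
```

Any hit from an address outside the management network is worth triage, since the article describes both the injection and the DNS-change behaviour as unauthenticated.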

D-Link launched an internal probe after VulnCheck’s December 16, 2025 report of active exploitation and is reviewing affected models, with an updated list due soon.

“On December 16, 2025, VulnCheck (https://www.vulncheck.com/) reported active exploitation of a compromised CGI library observed in certain D-Link devices. D-Link initiated an internal investigation immediately and is tracing historical and current use of this CGI library across all applicable product offerings.” reads D-Link’s advisory. “Both D-Link and VulnCheck face complexity in precisely identifying all impacted models due to variations in firmware implementations and product generations. D-Link continues a detailed firmware-level review to determine affected devices. An updated list of specific models and, where applicable, firmware versions under review will be published later this week.

VulnCheck reported this issue after observing exploitation activity in live environments. Current analysis shows no reliable model number detection method beyond direct firmware inspection. For this reason, D-Link is validating firmware builds across legacy and supported platforms as part of the investigation.”

Below is the list of impacted models:

D-Link

The attackers and scale of the hacking campaigns targeting the vulnerable devices remain unknown, but since the flaw affects obsolete DSL routers, users should replace them and upgrade to supported devices with security updates.

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)




Source: https://securityaffairs.com/186616/hacking/hackers-actively-exploit-critical-rce-flaw-in-legacy-d-link-dsl-routers.html