Hackers Exploit Zero-Day in Discontinued D-Link Devices
Snippet of Article: "...An OS command injection vulnerability in discontinued D-Link gateway devices has been exploited in the wild as a zero-day.
Tracked as CVE-2026-0625 (CVSS score of 9.3), the security defect exists because the dnscfg.cgi library does not properly sanitize user-supplied DNS configuration parameters.
The issue allows remote, unauthenticated attackers to inject and execute arbitrary shell commands...The confirmed vulnerable models, D-Link says, are legacy DSL gateway appliances that were discontinued half a decade ago. ..."
