Hackers Exploit Zero-Day in Discontinued D-Link Devices
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.
An OS command injection vulnerability in discontinued D-Link gateway devices has been exploited in the wild as a zero-day.
Tracked as CVE-2026-0625 (CVSS score of 9.3), the security defect exists because the dnscfg.cgi library does not properly sanitize user-supplied DNS configuration parameters.
The issue allows remote, unauthenticated attackers to inject and execute arbitrary shell commands, achieving remote code execution (RCE), vulnerability intelligence company VulnCheck explains.
Source: https://www.securityweek.com/hackers-exploit-zero-day-in-discontinued-d-link-devices/
