CVE-2026-0625

Published Jan 5, 2026

Last updated 9 days ago

CVSS critical 9.3
Network

Overview

Description
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).
Source
disclosure@vulncheck.com
NVD status
Deferred
CNA Tags
unsupported-when-assigned

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

disclosure@vulncheck.com
CWE-306

Social media

Hype score
Not currently trending

  1. [CYBERSEC] 𝗗-𝗟𝗶𝗻𝗸 𝗟𝗲𝗴𝗮𝗰𝘆 𝗥𝗼𝘂𝘁𝗲𝗿𝘀 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 𝗦𝗶𝗻𝗰𝗲 𝗡𝗼𝘃𝗲𝗺𝗯𝗲𝗿, 𝗡𝗼 𝗣𝗮𝘁𝗰𝗵 𝗖𝗼𝗺𝗶𝗻𝗴 CVE-2026-0625 (CVSS 9.3), a command injectio

    @DarkForgeNews

    4 Apr 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CYBERSEC] **Unpatched D-Link Routers Under Active Exploit Since November 2025** A critical command injection vulnerability designated CVE-2026-0625 has been actively exploited in legacy D-Link DSL routers since at least November 2025, with no patch forthcoming from the https:/

    @DarkForgeNews

    1 Apr 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2026-0625 2 - CVE-2016-4655 3 - CVE-2025-27363 4 - CVE-2026-28515 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Mar 2026

    195 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  2. Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15.CVE-2026-31937
  3. Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session MixupCVE-2026-4368
  4. Citrix NetScaler Out-of-Bounds Read VulnerabilityCVE-2026-3055
  5. Qualcomm Multiple Chipsets Memory Corruption VulnerabilityCVE-2026-21385

References

Sources include official advisories and independent security research.