Attackers are actively exploiting a critical zero-day vulnerability (CVE-2026-0625) in discontinued D-Link DSL gateway routers, most of which stopped receiving security updates over five years ago. The flaw, with a CVSS score of 9.3, allows remote attackers to execute arbitrary commands through the router's DNS configuration system without authentication.
VulnCheck discovered the vulnerability on December 16, 2025, after spotting active exploitation in production environments. D-Link is still investigating which specific models are affected, promising to release a detailed list this week. The company recommends organizations immediately replace these end-of-life devices with currently supported models.
This highlights ongoing risks of using obsolete networking equipment that no longer receives security patches.
Source: Dark Reading