A critical security vulnerability (CVE-2026-0625) affects outdated D-Link DSL gateway routers, allowing attackers to manipulate DNS settings and gain unauthorized remote access to execute commands on these devices.

Affected Systems

The following D-Link DSL gateway routers are impacted by this vulnerability:
 

• DSL-526B: firmware version 2.01 or earlier

• DSL-2640B: firmware version 1.07 or earlier

• DSL-2740R: firmware version prior to 1.17

• DSL-2780B: firmware version 1.01.14 or earlier

Security Risks

Exploitation of this vulnerability could allow attackers to redirect or intercept network traffic through the router’s DNS settings, cause network outages, misuse corporate networks for malicious purposes, and disrupt business operations or reputation.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends the following actions:

• Immediately remove all affected D-Link DSL gateway routers and replace them with devices that are actively supported by the vendor and receive security updates.

• Review your D-Link DSL gateway routers using the End-of-Life (EoL) Devices list to identify any devices that may be affected by this vulnerability.

• Follow D-Link guidance and industry best practices  to ensure that all critical systems operate on secure, up-to-date devices and to reduce potential exploitation risks.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

• D-Link DSL Command Injection via DNS Configuration Endpoint

• New D-Link flaw in legacy DSL routers actively exploited in attacks

• https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10488

• D-Link End-of-Life (EoL) Devices