CVE-2026-0625
CVSS base score 9.3
- EPSS 0.53%
- Published 05.01.2026 21:14:48
- Last modified 08.01.2026 18:09:23
- Source disclosure@vulncheck.com
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device's DNS settings without valid credentials, enabling DNS hijacking ("DNSChanger") attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).
Linked by AI from unstructured data to existing CPEs in the NVD.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Affected products (as listed by the CNA; version "0" with status "affected" denotes all versions):

| Vendor | Product | Default Status | Version | Status |
|---|---|---|---|---|
| D-Link | DSL-2640B | unknown | 0 | affected |
| D-Link | DSL-2740R | unknown | 0 | affected |
| D-Link | DSL-2780B | unknown | 0 | affected |
| D-Link | DSL-526B | unknown | 0 | affected |
| D-Link | DSL-2640T | unknown | 0 | affected |
| D-Link | DSL-500 | unknown | 0 | affected |
| D-Link | DSL-500G | unknown | 0 | affected |
| D-Link | DSL-502G | unknown | 0 | affected |
| D-Link | DIR-905L | unknown | 0 | affected |
| D-Link | DIR-600 | unknown | 0 | affected |
| D-Link | DIR-608 | unknown | 0 | affected |
| D-Link | DIR-610 | unknown | 0 | affected |
| D-Link | DIR-611 | unknown | 0 | affected |
| D-Link | DIR-615 | unknown | 0 | affected |
| D-Link | DNS-320 | unknown | 0 | affected |
| D-Link | DNS-325 | unknown | 0 | affected |
| D-Link | DNS-345 | unknown | 0 | affected |
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.668 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.