CVE-2026-0625 (CVSS 9.3)
- EPSS 0.83%
- Published 05.01.2026 21:14:48
- Last edited 15.04.2026 00:35:42
- Source disclosure@vulncheck.com
D-Link DSL/DIR/DNS Command Injection via DNS Configuration Endpoint
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the "GhostDNS" malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC).
Data provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
Affected products

| Vendor | Product | Default Status | Version | Status |
|---|---|---|---|---|
| D-Link | DSL-2640B | unknown | 0 | affected |
| D-Link | DSL-2740R | unknown | 0 | affected |
| D-Link | DSL-2780B | unknown | 0 | affected |
| D-Link | DSL-526B | unknown | 0 | affected |
| D-Link | DSL-2640T | unknown | 0 | affected |
| D-Link | DSL-500 | unknown | 0 | affected |
| D-Link | DSL-500G | unknown | 0 | affected |
| D-Link | DSL-502G | unknown | 0 | affected |
| D-Link | DIR-905L | unknown | 0 | affected |
| D-Link | DIR-600 | unknown | 0 | affected |
| D-Link | DIR-608 | unknown | 0 | affected |
| D-Link | DIR-610 | unknown | 0 | affected |
| D-Link | DIR-611 | unknown | 0 | affected |
| D-Link | DIR-615 | unknown | 0 | affected |
| D-Link | DNS-320 | unknown | 0 | affected |
| D-Link | DNS-325 | unknown | 0 | affected |
| D-Link | DNS-345 | unknown | 0 | affected |
VulnDex Vulnerability Enrichment

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.83% | 0.746 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.