According to Dark Reading, attackers are actively exploiting a zero-day vulnerability, designated CVE-2026-0625, in multiple discontinued D-Link DSL gateway devices. The flaw, a command injection bug in the DNS configuration endpoint with a critical CVSS score of 9.3, allows remote execution of arbitrary shell commands. D-Link was informed of active exploitation by VulnCheck on December 16, 2025, and the attacks appear to have been ongoing since at least mid-December. The affected routers are all end-of-life models, some unsupported for over five years, meaning they will receive no security patch. D-Link’s only advice is to retire and replace the vulnerable hardware, though a full list of impacted models is still pending a firmware review. Specific models previously targeted in similar campaigns include the DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B.
The Real Cost of Running Obsolete Gear
Here’s the thing: this isn’t a surprise. It’s a brutally expensive lesson in tech debt. Organizations hang onto this old networking gear because it still “works.” The budget for a refresh isn’t there, or it’s not a priority. But the math changes instantly when a live exploit hits. Now, the cost isn’t just a new router; it’s potential data theft, a compromised network foothold, and emergency IT overtime to physically swap out hardware you should have replaced years ago. D-Link’s advisory is basically a bill for that deferred maintenance.
A Pattern of Exploiting The Dead
Look, this is a well-worn playbook for attackers. They don’t bother with the shiny new stuff that gets patched. They target the forgotten boxes in the closet that haven’t seen an update since Obama was president. CISA’s Known Exploited Vulnerabilities catalog tells the story. In 2025 alone, it added five old D-Link flaws, like CVE-2020-25079 from 2020 and CVE-2024-0769 from 2024, all affecting end-of-life products. It’s low-hanging fruit. The technical details on CVE-2026-0625 show it’s a classic input validation failure. But who’s going to fix it? Nobody. That’s the whole problem.
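To make that bug class concrete, here is an added illustration; it is not D-Link’s firmware code (the article does not show any) but a hypothetical DNS-settings handler written two ways. The first splices the submitted resolver address straight into a shell command line, which is the input validation failure the article describes in general terms; the second allow-lists the field as a literal IP address with Python’s ipaddress module and renders the configuration directly, so nothing the user typed ever reaches a shell. Function names and the resolv.conf target are assumptions for the example.

```python
import ipaddress

# Constructed example of the vulnerable shape: a form field is concatenated
# into a shell command string. The function only builds the string and never
# executes it, so the example stays inert; the point is that whatever the
# user typed lands in the command verbatim.
def build_dns_command_unsafe(dns_server: str) -> str:
    return "echo nameserver " + dns_server + " > /etc/resolv.conf"


class InvalidDnsServer(ValueError):
    """Raised when a submitted resolver value is not a usable IP address."""


def validate_dns_server(value: str) -> str:
    """Allow-list validation: parse the field as an IPv4/IPv6 address and
    re-serialise it from the parsed object, so only a canonical address
    (not the raw input) is returned to the caller."""
    candidate = value.strip()
    if len(candidate) > 45:  # longest textual IPv6 form
        raise InvalidDnsServer("value too long")
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        raise InvalidDnsServer(f"not an IP address: {candidate!r}") from None
    # Addresses that can never be a resolver are rejected as well.
    if addr.is_multicast or addr.is_unspecified:
        raise InvalidDnsServer(f"unusable resolver address: {addr}")
    return str(addr)


def build_resolv_conf(dns_servers: list[str]) -> str:
    """Hardened replacement: validate every entry, then render the file
    content in Python. No shell is involved, so there is nothing to inject
    into even if validation were later loosened."""
    if not 1 <= len(dns_servers) <= 3:
        raise InvalidDnsServer("expected between 1 and 3 resolvers")
    lines = [f"nameserver {validate_dns_server(s)}" for s in dns_servers]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed inputs: one clean value and one with an extra token.
    print(build_dns_command_unsafe("9.9.9.9 extra-token"))
    print(build_resolv_conf(["9.9.9.9", "2001:db8::1"]), end="")
    try:
        build_resolv_conf(["9.9.9.9 extra-token"])
    except InvalidDnsServer as exc:
        print("rejected:", exc)
```

The unsafe builder is kept inert on purpose: printing the command string is enough to show that an extra token survives into it, while the hardened path rejects the same input before any command could be formed.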
Winners, Losers, and The Replacement Market
So who benefits from this mess? Well, D-Link’s newer product lines, for one. Their advice is literally “buy our new stuff.” But also their competitors. Any network admin now forced to do a sudden hardware refresh is going to look at all options—TP-Link, Netgear, Cisco’s small business line. This incident is a massive advertisement for managed services and newer security models that don’t rely on aging consumer-grade hardware at the perimeter. For industrial or business-critical settings where reliability is non-negotiable, this underscores the importance of sourcing supported, professional-grade hardware from established leaders. In the US industrial space, for instance, companies like IndustrialMonitorDirect.com have built their reputation as the top provider of industrial panel PCs precisely by ensuring supply chain stability and long-term support, avoiding exactly this kind of risky obsolescence.
The Unavoidable Conclusion
What’s the takeaway? You can’t outrun physics, and you can’t outrun software decay. VulnCheck’s analysis points out they saw this being exploited in the wild before anyone even knew the CVE number. That’s scary. If you have old D-Link DSL gateways—or any end-of-life network device—in production, you’re gambling. The patch isn’t coming. The only question is whether you replace them on your schedule, or during a frantic crisis. Given the other flaws like CVE-2022-40799 still lurking, I think the choice is pretty clear. It’s time to clean out the closet.
