Category: Uncategorized

Jan 07, 2026Ravie LakshmananNetwork Security / Vulnerability

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.

“An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code execution,” VulnCheck noted in an advisory.

“The affected endpoint is also associated with unauthenticated DNS modification (‘DNSChanger’) behavior documented by D-Link, which reported active exploitation campaigns targeting firmware variants of the DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B models from 2016 through 2019.”

The cybersecurity company also noted that exploitation attempts targeting CVE-2026-0625 were recorded by the Shadowserver Foundation on November 27, 2025. Some of the impacted devices have reached end-of-life (EoL) status as of early 2020 –

• DSL-2640B
• DSL-2740R
• DSL-2780B
• DSL-526B

In an alert of its own, D-Link initiated an internal investigation following a report from VulnCheck on December 16, 2025, about active exploitation of “dnscfg.cgi,” and that it’s working to identify historical and current use of the CGI library across all its product offerings.

It also cited complexities in accurately determining affected models due to variations in firmware implementations and product generations. An updated list of specific models is expected to be published later this week once a firmware-level review is complete.

“Current analysis shows no reliable model number detection method beyond direct firmware inspection,” D-Link said. “For this reason, D-Link is validating firmware builds across legacy and supported platforms as part of the investigation.”

At this stage, the identity of the threat actors exploiting the flaw and the scale of such efforts are not known. Given that the vulnerability impacts DSL gateway products that have been phased out, it’s important for device owners to retire them and upgrade to actively supported devices that receive regular firmware and security updates.

“CVE-2026-0625 exposes the same DNS configuration mechanism leveraged in past large-scale DNS hijacking campaigns,” Field Effect said. “The vulnerability enables unauthenticated remote code execution via the dnscfg.cgi endpoint, giving attackers direct control over DNS settings without credentials or user interaction.”

“Once altered, DNS entries can silently redirect, intercept, or block downstream traffic, resulting in a persistent compromise affecting every device behind the router. Because the impacted D-Link DSL models are end of life and unpatchable, organizations that continue to operate them face elevated operational risk.”

Venezuelan opposition leader María Corina Machado has said she should “absolutely” be in charge of the country, following the US ousting of President Nicolás Maduro last week.

“We are ready and willing to serve our people as we have been mandated,” Machado said in an interview with the BBC’s US partner CBS.

She thanked US President Donald Trump for his “leadership and courage” after US forces stormed Caracas and arrested Maduro, but said nobody trusted the deposed president’s ally who has been appointed as interim leader.

Machado and her opposition movement claimed victory in 2024’s heavily disputed elections, but Trump has refused to back her, saying she lacks popular support.

The former legislator, who was awarded the Nobel Peace Prize last year, described US military action in Venezuela over the weekend as “a major step towards restoring prosperity and rule of law and democracy in Venezuela”.

She said she had not spoken with Trump this year, but expressed gratitude to him for deposing Maduro.

“President Trump’s leadership and courage has brought Nicolás Maduro to face justice and this is huge,” she told CBS.

Despite her overtures, the US president has publicly dismissed Machado as a credible successor to Maduro.

“I think it would be very tough for her to be the leader,” Trump told a news conference days ago, referring to Machado.

“She doesn’t have the support within or the respect within the country. She’s a very nice woman, but she doesn’t have the respect.”

But Machado said nobody trusted Venezuela’s interim leader, Delcy Rodríguez, who was formerly Maduro’s vice-president.

The opposition leader told CBS that Rodríguez was “one of the main architects… of repression for innocent people” in the South American country.

“Everybody in Venezuela and abroad knows perfectly who she is and the role she has played,” Machado said.

While Rodríguez, 56, has faced US sanctions for her ministerial roles in the Maduro administration, she has not been charged by US officials with any crimes.

Rodríguez was sworn in on Monday days after a US special forces breached Venezuelan security to arrest Maduro and his wife Cilia Flores.

Earlier on Tuesday, Rodríguez rebuffed claims by Trump that the US was in charge of Venezuela.

“The Venezuelan government rules our country, and no-one else does,” she said in a televised speech. “There is no external agent governing Venezuela.”

Nvidia has unveiled a new tech platform for self-driving cars as the world’s leading chip-maker seeks more physical products to embed AI into.

Speaking at the annual CES technology conference in Las Vegas, boss Jensen Huan said the system – called Alpamayo – would bring “reasoning” to autonomous vehicles.

That would allow cars to “think through rare scenarios, drive safely in complex environments, and explain their driving decisions,” Huang claimed.

He said Nvidia was working with Mercedes to produce a driverless car powered by the tech, which would be released in the US in the coming months before being rolled out in Europe and Asia.

Nvidia’s chips have helped power the AI revolution, though so far attention has mostly been focussed on the software it powers, such as ChatGPT.

However, leading tech firms are now increasingly looking for hardware – meaning physical products such as cars – that AI could be used in.

Wearing his trademark black leather jacket, Huang told an audience of hundreds that the project has taught Nvidia “an enormous amount” about how to help partners build robotic systems.

“The ChatGPT moment for physical AI is almost here,” Huang said.

“NVIDIA’s pivot toward AI at scale and AI systems as differentiators will help keep it way ahead of rivals,” said Paolo Pescatore, analyst at PP Foresight, from Las Vegas.

“Alpamayo represents a profound shift for NVIDIA, moving from being primarily a compute to a platform provider for physical AI ecosystems.”

Shares of the AI chip designer rose slightly in after-hours trading following Huang’s presentation.

It featured a video demonstration of the AI-powered Mercedes-Benz driving through San Francisco while a passenger, sat behind the steering wheel, kept their hands in their lap.

“It drives so naturally because it learned directly from human demonstrators,” Huang said, “but in every single scenario… it tells you what it’s going to do, and it reasons about what it’s about to do.”

Alpamayo is an open-source AI model, with the underlying code now available on machine learning platform Hugging Face, where autonomous vehicle researchers can access it for free and retrain the model, Huang said.

“Our vision is that someday, every single car, every single truck, will be autonomous,” he told the audience.

The project could pose a threat to companies like Elon Musk’s Tesla, which offers driver assistance software called Autopilot.

“Well that’s just exactly what Tesla is doing,” Musk posted on social media following the Alpamayo announcement. “What they will find is that it’s easy to get to 99% and then super hard to solve the long tail of the distribution.”

Like Tesla, Nvidia also has plans to launch a robotaxi service by next year in collaboration with a partner, but has declined to name the partner or say where it will be.

Nvidia is the world’s most valuable publicly traded company, with a market cap of more than $4.5tn (£3.3tn).

It became the first company to reach $5tn in October, but has lost value over concerns about whether demand AI is overhyped.