774 matches found

The Hacker News
added 2026/01/07 4:31 a.m. | 7 views

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper...

CVSS 9.3 | AI score 9.1 | EPSS 0.00964
Exploits: 0
NVD
added 2026/01/05 10:15 p.m. | 11 views

CVE-2026-0625

Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...

CVSS 9.3 | EPSS 0.00964
Exploits: 0 | References: 4
Circl
added 2025/12/23 12:0 a.m. | 130 views

CVE-2020-8982

creationtimestamp| type| source
---|---|---
2025-12-23 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-12-23
2025-12-25 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-12-25
2025-12-26 00:00:00+00:00| exploited| The...

CVSS 7.5 | AI score 7.4 | EPSS 0.27149
In wild | Exploits: 0 | References: 3
Circl
added 2025/12/21 12:0 a.m. | 2 views

CVE-2024-30891

creationtimestamp| type| source
---|---|---
2025-12-21 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-12-21
2026-03-20 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2026-03-20
2026-03-22 00:00:00+00:00| seen| The Shadowserver...

CVSS 8.8 | AI score 5.8 | EPSS 0.01896
Exploits: 1 | References: 2
Circl
added 2025/12/18 12:0 a.m. | 3 views

CVE-2021-43163

creationtimestamp| type| source
---|---|---
2025-12-18 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-12-18
2026-06-23 14:06:16+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/81027123-38d0-4796-a9df-b0d9a6633a72
2026-06-30...

CVSS 9.8 | AI score 7.3 | EPSS 0.02169
Exploits: 0 | References: 2
EUVD
added 2025/11/24 9:31 p.m. | 5 views

EUVD-2025-198992

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

CVSS 9.3 | AI score 7.7 | EPSS 0.00539
Exploits: 0 | References: 7
CVE
added 2025/11/24 8:31 p.m. | 23 views

CVE-2023-7330

CVE-2023-7330 affects Ruijie NBR series routers. An unauthenticated arbitrary file upload vulnerability exists via /ddi/server/fileupload.php where attacker-controlled values in the name and uploadDir parameters are accepted and the multipart file content is saved without proper validation or san...

CVSS 9.3 | AI score 7.8 | EPSS 0.00539
In wild | Exploits: 0 | References: 5
RedhatCVE
added 2025/11/13 11:8 p.m. | 6 views

CVE-2022-4982

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter (content or sidebar) which is not properly validated or canonicalized. An attacker c...

CVSS 8.7 | AI score 6.6 | EPSS 0.00429
Exploits: 0 | References: 1
CVE
added 2025/11/13 7:37 p.m. | 20 views

CVE-2022-4984

CVE-2022-4984 affects ZenTao Biz < 6.5, ZenTao Max < 3.0, and ZenTao Open Source Edition

CVSS 8.7 | AI score 7.7 | EPSS 0.00394
In wild | Exploits: 0 | References: 6
Vulnrichment
added 2025/11/12 10:10 p.m. | 3 views

CVE-2022-4982 DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter (content or sidebar) which is not properly validated or canonicalized. An attacker c...

CVSS 8.7 | AI score 6.1 | EPSS 0.00429
Exploits: 0 | References: 4
EUVD
added 2025/11/11 12:30 a.m. | 5 views

EUVD-2018-21611

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

CVSS 8.7 | AI score 6.5 | EPSS 0.00826
Exploits: 0 | References: 4
OSV
added 2025/11/10 11:15 p.m. | 1 views

CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

CVSS 9.8 | AI score 5.9 | EPSS 0.03054
Exploits: 2 | References: 3
Positive Technologies
added 2025/11/10 12:0 a.m. | 5 views

PT-2025-46220

PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

CVSS 8.7 | AI score 6.9 | EPSS 0.00826
Exploits: 0 | References: 4
VulnCheck KEV
added 2025/11/10 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2021-4462

Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side...

CVSS 9.8 | AI score 6 | EPSS 0.03054
In wild | Exploits: 2 | References: 80
EUVD
added 2025/11/08 12:31 a.m. | 4 views

EUVD-2020-30818

Various Ruijie Gateway EG and NBR models (firmware versions 11.1(6)B9P1 through 11.9(4)B12P1) contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

CVSS 9.2 | AI score 7.3 | EPSS 0.00697
Exploits: 0 | References: 5
NVD
added 2025/11/07 10:15 p.m. | 4 views

CVE-2020-36870

Various Ruijie Gateway EG and NBR models (firmware versions 11.1(6)B9P1 through 11.9(4)B12P1) contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...

CVSS 9.2 | EPSS 0.00697
Exploits: 0 | References: 4
CVE
added 2025/11/07 9:52 p.m. | 27 views

CVE-2020-36870

CVE-2020-36870 affects Ruijie Gateway EG and Ruijie NBR series (firmware versions 11.1(6)B9P1 through 11.9(4)B12P1 are vulnerable). Root cause is a code execution vulnerability in the EWEB management system that can be abused via front-end functionality; when features such as guest authentication...

CVSS 9.2 | AI score 7.4 | EPSS 0.00697
In wild | Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-26142

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.6 | EPSS 0.00759
Exploits: 0 | References: 5
Circl
added 2025/09/24 12:0 a.m. | 3 views

CVE-2025-7414

creationtimestamp| type| source
---|---|---
2025-09-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-09-24
2025-10-01 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-10-01
2025-10-02 00:00:00+00:00| seen| The Shadowserver...

CVSS 8.8 | AI score 6.6 | EPSS 0.1273
Exploits: 1 | References: 3
RedhatCVE
added 2025/08/30 6:18 p.m. | 4 views

CVE-2023-7308

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

CVSS 8.7 | AI score 6.5 | EPSS 0.06711
Exploits: 1 | References: 1