CNNVD-202601-810 Information

CNNVD ID

CNNVD-202601-810

Related CVE

CVE-2026-0625

• CNNVD Published: 2026-01-05

Description (Chinese)

D-Link DSL-2740R等都是中国友讯（D-Link）公司的产品。D-Link DSL-2740R是一款高性能 ADSL 路由器。D-Link DSL-2640B是一款无线ADSL路由宽带猫。D-Link DSL-2780B是一款无线ADSL路由宽带猫。 D-Link多款产品存在访问控制错误漏洞，该漏洞源于dnscfg.cgi端点对用户提供的DNS配置参数清理不当，可能导致远程命令执行。以下产品受到影响：D-Link DSL-2740R、DSL-2640B、DSL-2780B和DSL-526B。

Description (English)

D-Link DSL-2740R and others are products of the Chinese company D-Link. D-Link DSL-2740R is a high performance ADSL router. D-Link DSL-2640B is a wireless ADSL router broadband cat. D-Link DSL-2780B is a wireless ADSL router broadband cat. D-Link multi-products have access control bugs that stem from the inappropriate clean-up of DNS configuration parameters provided by users at the dnscfg.cgi endpoint, which may lead to remote command execution. The following products were affected: D-Link DSL-2740R, DSL-2640B, DSL-2780B and DSL-526B.

Hazard Level

Low

Vulnerability Type

访问控制错误

Affected Vendor

友讯

Published

2026-01-05

Last Modified

2026-02-24

References

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10068 https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10118 https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10488 https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint https://access.redhat.com/security/cve/cve-2026-0625