Executive Summary

CVE-2026-2056 is a security vulnerability found in D-Link DIR-605L and DIR-619L routers running firmware versions 2.06B01 and 2.13B01. The flaw exists in the DHCP Connection Status Handler component, specifically in the /wan_connection_status.asp file. Due to improper access controls and incorrect privilege assignments, an attacker can remotely access this page without any authentication.

This unauthorized access allows the attacker to disclose sensitive network information related to the WAN connection status. The vulnerability is classified as an information disclosure issue and is considered medium severity with a CVSS v3 base score of 5.3.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive network information about your WAN connection. An attacker can remotely exploit this flaw without needing any authentication, potentially gaining insights into your network configuration.

While the vulnerability does not affect the integrity or availability of the device, the exposure of confidential information could aid attackers in further targeting your network or devices.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if your network devices are D-Link DIR-605L or DIR-619L routers running firmware versions 2.06B01 or 2.13B01. The vulnerable endpoint is the /wan_connection_status.asp page, which can be accessed without authentication.'}, {'type': 'paragraph', 'content': "One way to detect vulnerable devices on your network is to attempt to access the URL path /wan_connection_status.asp on the router's IP address and observe if sensitive WAN connection information is disclosed without authentication."}, {'type': 'paragraph', 'content': 'Additionally, vulnerable devices can be discovered using Google dorking with the query: inurl:wan_connection_status.asp'}, {'type': 'paragraph', 'content': 'Suggested commands to detect the vulnerability on your network or system include using curl or wget to fetch the page and check for unauthorized information disclosure, for example:'}, {'type': 'list_item', 'content': 'curl http://[router_ip]/wan_connection_status.asp'}, {'type': 'list_item', 'content': 'wget -qO- http://[router_ip]/wan_connection_status.asp'}, {'type': 'paragraph', 'content': 'If the response contains sensitive WAN connection information without requiring authentication, the device is vulnerable.'}] [2, 1]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Since the affected D-Link DIR-605L and DIR-619L devices are no longer supported by the manufacturer and no firmware patches are available, immediate mitigation involves restricting access to the vulnerable endpoint.'}, {'type': 'paragraph', 'content': 'The recommended step is to apply restrictive firewall rules to block external and unauthorized internal access to the /wan_connection_status.asp page on the affected routers.'}, {'type': 'paragraph', 'content': "This can be done by configuring network firewalls or router access control lists (ACLs) to deny HTTP requests targeting the /wan_connection_status.asp path or the router's IP address from untrusted sources."}, {'type': 'paragraph', 'content': 'Additionally, monitoring network traffic for suspicious requests to this endpoint and limiting remote management access to trusted networks can help reduce exposure.'}] [2]

Useful 0 Not Useful 0