CVE-2026-42372
Analyzed - Analysis Complete
Hardcoded Telnet Backdoor in D-Link DIR-605L

Publication date: 2026-05-04

Last updated on: 2026-05-06

Assigner: securin

Description
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Meta Information
Published: 2026-05-04
Last Modified: 2026-05-06
Generated: 2026-05-07
AI Q&A: 2026-05-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: dlink
Product: dir-605l_firmware
Version / Range: *
CWE
CWE-798: The product contains hard-coded credentials, such as a password or cryptographic key.
AI Powered Q&A
Can you explain this vulnerability to me?

The D-Link DIR-605L Hardware Revision A1 contains a hardcoded telnet backdoor. This means the device automatically starts a telnet service at boot with a fixed username "Alphanetworks" and a static password "wrgn35_dlwbr_dir605l". The telnet daemon uses a custom binary that accepts credentials via a specific flag, and the login process uses a simple string comparison to validate them. Because of this, an attacker on the local network can authenticate without proper authorization and gain root shell access, giving them full administrative control over the device.

Additionally, the device is End-of-Life (EOL), so it will not receive any patches or fixes for this vulnerability.


How can this vulnerability impact me?

This vulnerability allows an unauthenticated attacker on the local network to gain root access to the device. With root shell access, the attacker can fully control the device, potentially leading to unauthorized changes, data interception, network disruption, or using the device as a launch point for further attacks within the network.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the D-Link DIR-605L Hardware Revision A1 device is running a telnet daemon started via /bin/telnetd.sh with the hardcoded username "Alphanetworks" and password "wrgn35_dlwbr_dir605l".

You can attempt to connect to the device's telnet service using the hardcoded credentials to verify if the backdoor is present.

  • Use a telnet client to connect to the device's IP address: telnet <device_ip>
  • When prompted, use the username: Alphanetworks
  • Use the password: wrgn35_dlwbr_dir605l

Successful login indicates the presence of the backdoor.
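
A check that needs no login attempt, given as an added example (not from the original advisory or from D-Link): it scans an extracted firmware root filesystem for start-up scripts that launch telnetd with -u user:password and reports where the password comes from, generalizing beyond /bin/telnetd.sh to any *.sh file. The function names, the sample tree and the contents of the sample telnetd.sh are assumptions constructed from the paths named in the description.

```python
import re
import tempfile
from pathlib import Path

# telnetd started with credentials on its command line: -u user:password
TELNETD_U = re.compile(r"\btelnetd\b[^\n#]*?\s-u\s+([^\s:]+):(\S+)")
# shell variable filled from a file: name=`cat /path` or name=$(cat /path)
CAT_ASSIGN = r"\b{name}=(?:`|\$\()\s*cat\s+(/[^\s`)]+)"


def audit_rootfs(root):
    """Report telnetd -u credentials; the password value is never returned."""
    root = Path(root)
    findings = []
    for script in sorted(p for p in root.rglob("*.sh") if p.is_file()):
        text = script.read_text(errors="replace")
        for user, secret in TELNETD_U.findall(text):
            source, static = "literal in script", True
            var = re.fullmatch(r"\$\{?(\w+)\}?", secret.strip("\"'"))
            if var:
                m = re.search(CAT_ASSIGN.format(name=var.group(1)), text)
                source = m.group(1) if m else "unresolved variable"
                # A file shipped inside the image is identical on every unit.
                static = bool(m) and (root / m.group(1).lstrip("/")).is_file()
            findings.append({
                "script": "/" + script.relative_to(root).as_posix(),
                "user": user,
                "password_source": source,
                "static_across_devices": static,
            })
    return findings


def build_sample_rootfs(root):
    """Constructed sample tree; file contents are illustrative placeholders."""
    root = Path(root)
    (root / "bin").mkdir(parents=True)
    (root / "etc/alpha_config").mkdir(parents=True)
    (root / "etc/alpha_config/image_sign").write_text("CONSTRUCTED_PLACEHOLDER\n")
    (root / "bin/telnetd.sh").write_text(
        "#!/bin/sh\n"
        "image_sign=`cat /etc/alpha_config/image_sign`\n"
        "telnetd -u Alphanetworks:$image_sign &\n"
    )
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_rootfs(build_sample_rootfs(tmp)))
```

A finding with static_across_devices set to True means the credential is baked into the image and shared by every unit running that firmware, which is the CWE-798 condition described above.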


What immediate steps should I take to mitigate this vulnerability?

Since the device is End-of-Life (EOL) and will not receive patches, immediate mitigation steps include:

  • Disconnect the vulnerable D-Link DIR-605L Hardware Revision A1 device from untrusted or public networks to prevent unauthorized access.
  • Restrict local network access to the device to trusted users only.
  • Replace the device with a supported model that receives security updates.
  • If replacement is not immediately possible, monitor network traffic for unauthorized telnet connections to the device.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an unauthenticated attacker on the local network to gain root shell access with full administrative control due to a hardcoded telnet backdoor in the D-Link DIR-605L device. This unauthorized access can lead to compromise of sensitive data and system integrity.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information and mandate strict access controls.

Since the device is End-of-Life and will not receive patches, the risk remains unmitigated, further increasing the likelihood of non-compliance with these regulations.

