CVE-2026-42373
Analyzed Analyzed - Analysis Complete
Hardcoded Telnet Backdoor in D-Link DIR-605L

Publication date: 2026-05-04

Last updated on: 2026-05-06

Assigner: securin

Description
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42373
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dlink dir-605l_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The D-Link DIR-605L Hardware Revision B2 contains a hardcoded telnet backdoor. This means the device automatically starts a telnet service at boot with a fixed username "Alphanetworks" and a static password "wrgn76_dlwbr_dir605L". The telnet daemon uses a custom binary that accepts credentials via a specific flag, and the login process uses a simple string comparison to validate them. Because of this, an attacker on the local network can authenticate without proper authorization and gain root shell access, giving them full administrative control over the device.

Additionally, the device is End-of-Life (EOL) and will not receive any patches to fix this vulnerability.

Impact Analysis

This vulnerability allows an unauthenticated attacker on the local network to gain root access to the device. With root shell access, the attacker can fully control the device, potentially intercepting or manipulating network traffic, installing malicious software, or using the device as a foothold to attack other systems on the network.

Detection Guidance

This vulnerability involves a hardcoded telnet backdoor on the D-Link DIR-605L Hardware Revision B2 device. Detection can focus on identifying the presence of the telnet daemon started at boot and the use of the specific username and password.

  • Check for active telnet services on the device using commands like: netstat -an | grep :23
  • Attempt to connect to the telnet service and test login with the hardcoded credentials: username "Alphanetworks" and password "wrgn76_dlwbr_dir605L".
  • On the device, verify if the /bin/telnetd.sh script is present and running at boot.
  • Check for the presence of the file /etc/alpha_config/image_sign which contains the static password.
Mitigation Strategies

Since the device is End-of-Life (EOL) and will not receive patches, immediate mitigation steps include:

  • Disconnect the vulnerable device from untrusted or public networks to prevent unauthorized access.
  • Disable the telnet service if possible, or block port 23 at the network firewall to prevent telnet connections.
  • Replace the device with a supported model that receives security updates.
Compliance Impact

The vulnerability allows an unauthenticated attacker on the local network to gain root shell access with full administrative control due to a hardcoded telnet backdoor in the D-Link DIR-605L Hardware Revision B2 device. This level of unauthorized access could lead to unauthorized disclosure, modification, or destruction of sensitive data.

Such unauthorized access and potential data compromise would likely violate common standards and regulations such as GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access and breaches.

Furthermore, since the device is End-of-Life and will not receive patches, the risk remains unmitigated, increasing the likelihood of non-compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42373. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart