CVE-2026-42374
Hardcoded Telnet Backdoor in D-Link DIR-600L
Publication date: 2026-05-04
Last updated on: 2026-05-06
Assigner: securin
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-600l_firmware | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an unauthenticated attacker on the local network to gain root shell access with full administrative control due to a hardcoded telnet backdoor in the D-Link DIR-600L Hardware Revision B1 device.
Such unauthorized access could lead to compromise of sensitive data, which may result in non-compliance with data protection regulations and standards such as GDPR and HIPAA that require protection of personal and health information.
Additionally, since the device is End-of-Life and will not receive patches, the risk remains unmitigated, further increasing compliance challenges.
Can you explain this vulnerability to me?
The D-Link DIR-600L Hardware Revision B1 contains a hardcoded telnet backdoor. This means the device automatically starts a telnet service at boot with a fixed username "Alphanetworks" and a static password "wrgn61_dlwbr_dir600L". The telnet daemon uses a custom binary that accepts user credentials via a specific flag, and the login process validates these credentials using a simple string comparison. If an attacker on the local network uses these credentials, they can gain root shell access, giving them full administrative control over the device.
Additionally, the device is End-of-Life and will not receive any patches or updates to fix this vulnerability.
How can this vulnerability impact me?
This vulnerability allows an unauthenticated attacker on the local network to gain root access to the device. With root shell access, the attacker can fully control the device, potentially leading to unauthorized changes, data interception, network disruption, or using the device as a launch point for further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of a telnet daemon running on the D-Link DIR-600L Hardware Revision B1 device that accepts connections with the hardcoded username "Alphanetworks" and password "wrgn61_dlwbr_dir600L".
You can attempt to connect to the device's telnet service using the known credentials to verify if the backdoor is active.
- Use a telnet client to connect to the device's IP address on the telnet port (usually port 23): telnet <device_ip> 23
- Attempt to login with username: Alphanetworks and password: wrgn61_dlwbr_dir600L
- On a Linux system, you can use (username and password are sent on separate lines): echo -e "Alphanetworks\nwrgn61_dlwbr_dir600L" | telnet <device_ip> 23
What immediate steps should I take to mitigate this vulnerability?
Since the device is End-of-Life and will not receive patches, immediate mitigation steps include disabling the telnet service if possible or isolating the device from untrusted networks.
Restrict access to the device to trusted local network segments only, and monitor for any unauthorized telnet connections.
Consider replacing the affected device with a newer, supported model that does not contain this vulnerability.
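For the monitoring step in the mitigation above, one way to flag telnet connections to the router from hosts outside an allowlist. This is an added example, not part of the original advisory; it assumes a Linux firewall in front of the isolated device that logs forwarded traffic in netfilter LOG format, and the router address, allowlist and log lines are constructed.

```python
import ipaddress
import re

# Assumptions (not from the advisory): router address and the one allowed admin host.
ROUTER_IP = ipaddress.ip_address("192.168.50.1")
ALLOWED_SOURCES = {ipaddress.ip_address("192.168.0.10")}

# Constructed sample lines, simplified netfilter LOG format.
SAMPLE_LOG = """\
May  6 10:01:12 gw kernel: FWD IN=eth1 OUT=eth2 SRC=192.168.0.57 DST=192.168.50.1 LEN=60 TTL=63 PROTO=TCP SPT=51544 DPT=23 SYN
May  6 10:01:40 gw kernel: FWD IN=eth1 OUT=eth2 SRC=192.168.0.10 DST=192.168.50.1 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=23 SYN
May  6 10:02:03 gw kernel: FWD IN=eth1 OUT=eth2 SRC=192.168.0.57 DST=192.168.50.1 LEN=60 TTL=63 PROTO=TCP SPT=51590 DPT=80 SYN
May  6 10:02:31 gw kernel: FWD IN=eth1 OUT=eth2 SRC=192.168.0.88 DST=192.168.50.20 LEN=60 TTL=63 PROTO=TCP SPT=33001 DPT=23 SYN
May  6 10:03:05 gw kernel: FWD IN=eth1 OUT=eth2 SRC=192.168.0.57 DST=192.168.50.1 LEN=60 TTL=63 PROTO=TCP SPT=51602 DPT=23 SYN
truncated line without fields
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def find_telnet_alerts(log_text, router=ROUTER_IP, allowed=ALLOWED_SOURCES):
    """Return {source_ip: hits} for TCP/23 connections to the router from non-allowlisted hosts."""
    alerts = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "23":
            continue  # not telnet traffic
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if dst == router and src not in allowed:
            alerts[str(src)] = alerts.get(str(src), 0) + 1
    return alerts


if __name__ == "__main__":
    for src, hits in sorted(find_telnet_alerts(SAMPLE_LOG).items()):
        print(f"ALERT telnet to {ROUTER_IP} from {src}: {hits} connection(s)")
```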