CRITICAL🇵🇱 Wersja polska

CVE-2026-42374

CVSS 9.8v3.1pub. 2026-05-04upd. 2026-05-06

D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control.  The device has reached End-of-Life (EOL) and will not receive patches.

🤖 AI Analysis
How it works

Every time the device starts, the /bin/telnetd.sh script automatically launches the telnet daemon with the username 'Alphanetworks' and static password 'wrgn61_dlwbr_dir600L' read from the /etc/alpha_config/image_sign file. The non-standard telnetd binary accepts the -u user:password flag, and the non-standard login binary verifies credentials using the strcmp() function, which is vulnerable to text comparison attacks. Because the credentials are hardcoded in the firmware, any attacker with access to the local network can log in without any additional knowledge of the device configuration.

Impact

The attacker gains unlimited access to the root shell with full administrative control over the device, enabling modification of configuration, network traffic interception, pivoting to the internal network, and persistent device takeover.

Mitigation & patch

D-Link will not issue a patch because the device has reached End-of-Life (EOL) status. It is recommended to immediately withdraw the device from use and replace it with a supported model. Until replacement, the device must absolutely be isolated from untrusted network segments, telnet port access (23/TCP) must be blocked at the firewall level, and access to the local network must be restricted to trusted hosts only.

Who is affected

D-Link DIR-600L Hardware Revision B1 (End-of-Life status)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 600l

    HW
    Dlink
    b1
  • Dlink Dir 600l Firmware

    OS
    Dlink
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2014-8361CRITICAL9.8⚠ KEVten sam produkt

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...

CVE-2026-42375CRITICAL9.8PL ✓ten sam produkt

D-Link DIR-600L A1: hardcoded backdoor telnet z dostępem root

CVE-2025-60554CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR600L – parametr curTime w formSetEnableWizard

CVE-2025-60548CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L przez parametr curTime

CVE-2025-60553CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L — podatność krytyczna RCE