CRITICAL🇵🇱 Wersja polska

CVE-2026-42375

CVSS 9.8v3.1pub. 2026-05-04upd. 2026-05-06

D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.

🤖 AI Analysis
How it works

At system startup, the /bin/telnetd.sh script launches the telnet service (telnetd) with a predefined username 'Alphanetworks' and static password 'wrgn35_dlwbr_dir600l', which is read from the /etc/alpha_config/image_sign file. The non-standard telnetd binary accepts the -u user:password flag, and the non-standard login binary verifies credentials using strcmp() function, which compares strings without additional protective mechanisms. Because the password is hardcoded in the firmware (CWE-798) and cannot be changed by the user, any attacker knowing these credentials can gain access. Successful authentication grants the attacker a shell with root privileges and full administrative control over the device.

Impact

An unauthorized attacker present in the local network can obtain a root shell with full administrative control over the device, enabling configuration modification, network traffic interception, and use of the router as an entry point for further lateral movement in the network.

Mitigation & patch

The manufacturer will not release patches as the device has reached End-of-Life (EOL) status. Immediate removal of the device and replacement with a supported model is recommended. Until replacement, the device must be isolated from untrusted network segments, telnet port access (default TCP 23) must be blocked at the firewall level, and access to the device must be restricted exclusively to trusted hosts.

Who is affected

D-Link DIR-600L in Hardware Revision A1 — device in End-of-Life (EOL) status

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 600l

    HW
    Dlink
    a1
  • Dlink Dir 600l Firmware

    OS
    Dlink
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2014-8361CRITICAL9.8⚠ KEVten sam produkt

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...

CVE-2026-42374CRITICAL9.8PL ✓ten sam produkt

Hardcoded backdoor telnet w D-Link DIR-600L — nieautoryzowany dostęp root

CVE-2025-60554CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR600L – parametr curTime w formSetEnableWizard

CVE-2025-60548CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L przez parametr curTime

CVE-2025-60553CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w D-Link DIR-600L — podatność krytyczna RCE