Description
A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Mitigate
AI Analysis

Impact

An unknown function in the Wi‑Fi Setting Handler of D‑Link DIR‑605L and DIR‑619L firmware exposes sensitive information when manipulated. The vulnerability permits the retrieval of configuration or other data that should remain confidential. The description does not specify whether credentials or administrative settings are among the leaked data, so any such exposure is not confirmed in the CVE text.

Affected Systems

Products affected are the D‑Link DIR‑605L and DIR‑619L routers running firmware versions 2.06B01 and 2.13B01 respectively. These specific models and firmware builds are documented as no longer supported by the manufacturer, meaning no official patches are available from D‑Link.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate to high impact, but the EPSS score is less than 1 %, implying that real‑world exploitation is rare at present. The vulnerability is not listed in the CISA KEV catalog, yet it can be leveraged if an attacker can remotely access the router’s management interface and submit crafted requests that trigger the disclosure. Because the exploit is publicly available, the risk to organizations that still use the affected devices increases if they have not applied mitigations.

Generated by OpenCVE AI on April 18, 2026 at 19:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict access to the Wi‑Fi Setting interface by configuring the router to allow connections only from trusted internal IP ranges, thereby addressing improper access control (CWE‑284).
  • Disable any provisioning of sensitive information in the Wi‑Fi Setting handler or enforce encryption of parameters so that disclosed data does not reveal credentials or configuration details (CWE‑200).
  • Segment the router from the rest of the network using VLANs or firewall rules and block all inbound management traffic that is not explicitly required, providing an additional layer of access control.

Generated by OpenCVE AI on April 18, 2026 at 19:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-605l
Dlink dir-605l Firmware
Dlink dir-619l
Dlink dir-619l Firmware
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-605l_firmware:2.06b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-619l_firmware:2.13b01:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-605l
Dlink dir-605l Firmware
Dlink dir-619l
Dlink dir-619l Firmware

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-605l
D-link dir-619l
Vendors & Products D-link
D-link dir-605l
D-link dir-619l

Fri, 06 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DIR-605L/DIR-619L Wifi Setting information disclosure
Weaknesses CWE-200
CWE-284
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dir-605l Dir-619l
Dlink Dir-605l Dir-605l Firmware Dir-619l Dir-619l Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:25:05.278Z

Reserved: 2026-02-06T06:21:23.475Z

Link: CVE-2026-2054

cve-icon Vulnrichment

Updated: 2026-02-06T16:41:45.725Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T13:15:54.580

Modified: 2026-02-17T19:09:28.847

Link: CVE-2026-2054

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:45:08Z

Weaknesses