Description
A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Update
AI Analysis

Impact

D-Link DIR‑605L and DIR‑619L routers running firmware versions 2.06B01 and 2.13B01 are vulnerable to an information disclosure when a crafted request is sent to the DHCP Client Information Handler. The weakness allows an attacker to obtain sensitive information from the device, potentially revealing configuration data or other internal details. The exposed data could be used to facilitate further attacks, such as password extraction or network mapping. This vulnerability is classified under CWE‑200 and CWE‑284, indicating confidentiality and access control weaknesses.

Affected Systems

The affected products are D‑Link DIR‑605L and DIR‑619L routers. Only the specific firmware versions 2.06B01 for the DIR‑605L and 2.13B01 for the DIR‑619L are impacted, and the devices are no longer supported by the manufacturer. Users running these models should check the exact firmware revision against those listed to confirm exposure.

Risk and Exploitability

The CVSS score of 6.9 reflects a moderate severity. The EPSS score is below 1 %, indicating a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, so it is not known to have been actively exploited. However, the ability for remote exploitation and the public availability of a proof‑of‑concept suggests that cautious action is warranted.

Generated by OpenCVE AI on April 17, 2026 at 22:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued firmware update that addresses the DHCP Client Information disclosure for DIR‑605L and DIR‑619L routers.
  • If a patch is not yet available, disable the DHCP client feature or restrict inbound DHCP traffic using the router’s firewall or an external network firewall to prevent unauthorized requests.
  • Continuously monitor the device and network logs for suspicious DHCP activity and isolate the router from critical segments until a patch or workaround is applied.

Generated by OpenCVE AI on April 17, 2026 at 22:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-605l
Dlink dir-605l Firmware
Dlink dir-619l
Dlink dir-619l Firmware
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-605l_firmware:2.06b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-619l_firmware:2.13b01:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-605l
Dlink dir-605l Firmware
Dlink dir-619l
Dlink dir-619l Firmware

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-605l
D-link dir-619l
Vendors & Products D-link
D-link dir-605l
D-link dir-619l

Fri, 06 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 13:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DIR-605L/DIR-619L DHCP Client Information information disclosure
Weaknesses CWE-200
CWE-284
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dir-605l Dir-619l
Dlink Dir-605l Dir-605l Firmware Dir-619l Dir-619l Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:25:21.974Z

Reserved: 2026-02-06T06:21:32.971Z

Link: CVE-2026-2055

cve-icon Vulnrichment

Updated: 2026-02-06T16:46:27.295Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T13:15:54.777

Modified: 2026-02-17T19:09:14.370

Link: CVE-2026-2055

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T22:45:29Z

Weaknesses