Description
A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-02-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update Firmware
AI Analysis

Impact

A vulnerability in the DHCP Connection Status Handler of D‑Link DIR‑605L and DIR‑619L allows a remote attacker to manipulate the /wan_connection_status.asp page and obtain sensitive information disclosed by the device. The flaw can be exploited over the network, potentially exposing configuration details and device state and compromising confidentiality.

Affected Systems

The affected devices are the D‑Link DIR‑605L running firmware 2.06B01 and the D‑Link DIR‑619L running firmware 2.13B01. These models are no longer supported by the vendor and remain susceptible to the disclosed exploitation.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.9, indicating medium severity. The EPSS score is below 1%, suggesting a low likelihood of widespread exploitation. It is not listed in the CISA KEV catalog. Attackers can trigger the information disclosure remotely by sending crafted requests to the /wan_connection_status.asp page, without requiring local access or additional credentials.

Generated by OpenCVE AI on April 18, 2026 at 13:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the D‑Link website for any available firmware updates that patch the issue and install the update if present.
  • Disable remote management or configure a firewall rule to block the /wan_connection_status.asp page, preventing unauthorized external access.
  • Move the router into a separate network segment and restrict inbound connections from untrusted networks.

Generated by OpenCVE AI on April 18, 2026 at 13:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dir-605l
Dlink dir-605l Firmware
Dlink dir-619l
Dlink dir-619l Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-605l_firmware:2.06b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-619l_firmware:2.13b01:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-605l
Dlink dir-605l Firmware
Dlink dir-619l
Dlink dir-619l Firmware

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-605l
D-link dir-619l
Vendors & Products D-link
D-link dir-605l
D-link dir-619l

Fri, 06 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Title D-Link DIR-605L/DIR-619L DHCP Connection Status wan_connection_status.asp information disclosure
Weaknesses CWE-200
CWE-284
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

D-link Dir-605l Dir-619l
Dlink Dir-605l Dir-605l Firmware Dir-619l Dir-619l Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:25:37.513Z

Reserved: 2026-02-06T06:21:36.338Z

Link: CVE-2026-2056

cve-icon Vulnrichment

Updated: 2026-02-06T16:48:03.347Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T14:16:38.510

Modified: 2026-02-17T19:08:56.160

Link: CVE-2026-2056

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:45:45Z

Weaknesses