Description
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Published: 2026-05-04
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The D-Link DIR‑605L router starts a telnet daemon at boot, using hard‑coded credentials stored in /etc/alpha_config/image_sign. The custom login binary validates the username and password via a simple strcmp call, giving an unauthenticated attacker on the local network a root shell and full administrative control, effectively allowing remote code execution.

Affected Systems

This flaw affects all D‑Link DIR‑605L devices of hardware revision B2. The product is End‑of‑Life and will no longer receive security updates from D‑Link.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical risk. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local network access via telnet on port 23. Because any local host can connect without prior authentication and the backdoor accepts a predefined username and password, exploitation is straightforward and highly probable if the device remains on the network.

Generated by OpenCVE AI on May 4, 2026 at 17:22 UTC.

Remediation

Vendor Workaround

This product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary mitigation: connect via the backdoor and run "killall telnetd" and "iptables -A INPUT -p tcp --dport 23 -j DROP" (both are lost on reboot).


OpenCVE Recommended Actions

  • Replace the D‑Link DIR‑605L router with a supported model that receives security updates
  • If replacement is not possible, disable the backdoor by connecting with the hardcoded credentials, running "killall telnetd", and adding a rule such as "iptables -A INPUT -p tcp --dport 23 -j DROP" to block telnet traffic
  • Enforce network segmentation or firewall rules to isolate the device and prohibit external hosts from accessing its telnet port

Advisories

No advisories yet.

History

Mon, 04 May 2026 17:45:00 +0000

Type: First Time appeared
Values Added: D-link; D-link dir-605l Firmware

Type: Vendors & Products
Values Added: D-link; D-link dir-605l Firmware

Mon, 04 May 2026 17:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 16:30:00 +0000

Type: Description
Values Added: D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.

Type: Title
Values Added: D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials

Type: First Time appeared
Values Added: Dlink; Dlink dir-605l Firmware

Type: Weaknesses
Values Added: CWE-798

Type: CPEs
Values Added: cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Dlink; Dlink dir-605l Firmware

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-04T16:34:37.195Z

Reserved: 2026-04-27T06:21:56.901Z

Link: CVE-2026-42373

Vulnrichment

Updated: 2026-05-04T16:34:26.999Z

NVD

Status: Received

Published: 2026-05-04T17:16:25.527

Modified: 2026-05-04T17:16:25.527

Link: CVE-2026-42373

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T17:30:04Z

Weaknesses