Description
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Published: 2026-05-04
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The D-Link DIR-600L Hardware Revision B1 contains a hardcoded Telnet backdoor that is activated at boot. A fixed username and a static password read from an internal configuration file are passed to a custom telnet daemon, and the custom login binary validates them with a plain strcmp() comparison. Because the hardcoded credentials are the only barrier, an attacker on the local network with no prior access can obtain a root shell and gain full administrative control over the device. The weakness is a hardcoded credential flaw (CWE-798).

Affected Systems

This vulnerability affects the firmware of the D-Link DIR-600L router, hardware revision B1. The device is End-of-Life and will not receive official updates from the vendor.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity, with full confidentiality, integrity, and availability compromise possible. EPSS data is unavailable, and the vulnerability is not listed in CISA’s KEV catalog, but the same hardcoded credentials can be used by any local network attacker. The likely attack vector is an attacker who can directly reach the device over the local network, such as through a compromised workstation or an open guest Wi-Fi. Given its critical score and the absence of a patch, the risk remains high until the device is replaced or isolated.

Generated by OpenCVE AI on May 4, 2026 at 17:22 UTC.

Remediation

Vendor Workaround

This product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run "killall telnetd" and "iptables -A INPUT -p tcp --dport 23 -j DROP" (lost on reboot).


OpenCVE Recommended Actions

  • Replace the EOL unit with a supported, up-to-date router that does not expose a Telnet backdoor.
  • If replacement is not immediately possible, stop the telnet daemon at boot (for example with the "killall telnetd" command) and block inbound Telnet traffic with a firewall rule that is re-applied after reboot.
  • Isolate the router from the rest of the local network by placing it on a separate VLAN or subnet and restricting access to administrative ports.

Generated by OpenCVE AI on May 4, 2026 at 17:22 UTC.
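
A way to check an unpacked firmware root for the pattern described above, a startup script that launches telnetd with -u user:password. This is an added example, not OpenCVE's or D-Link's code. The sample tree is constructed: it uses only the paths and username named in the description, and the script bodies, the placeholder file contents and the matching rules are assumptions.

```python
import os, pathlib, re, tempfile

# A telnetd launch with the -u user:password flag, and name=`cat /path` / name=$(cat /path)
TELNETD_U = re.compile(r"\btelnetd\b[^\n#]*?\s-u\s+(\S+?):(\S+)")
ASSIGN_CAT = r"^\s*{}=(?:`|\$\()\s*cat\s+(\S+?)\s*(?:`|\))"

def secret_source(secret, script_text):
    """Say where the password handed to -u comes from: a literal or a file in the image."""
    if not secret.startswith("$"):
        return "literal in script"
    name = secret.lstrip("$").strip("{}\"'")
    m = re.search(ASSIGN_CAT.format(re.escape(name)), script_text, re.M)
    return m.group(1) if m else "unresolved variable"

def audit_rootfs(root):
    """Return one finding per telnetd -u invocation in an unpacked firmware root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # does not descend into symlinked dirs
        for name in files:
            path = pathlib.Path(dirpath, name)
            if path.is_symlink() or not path.is_file():
                continue  # never follow links out of the unpacked tree
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue
            for lineno, line in enumerate(text.splitlines(), 1):
                if not line.lstrip().startswith("#") and (m := TELNETD_U.search(line)):
                    findings.append({"file": path.relative_to(root).as_posix(),
                                     "line": lineno, "user": m.group(1).strip("\"'"),
                                     "password_from": secret_source(m.group(2), text)})
    return findings

def build_sample_rootfs(root):
    """Write a constructed sample tree (not vendor files) at the paths the advisory names."""
    for rel, body in {
        "bin/telnetd.sh": "#!/bin/sh\nimage_sign=`cat /etc/alpha_config/image_sign`\n"
                          "telnetd -u Alphanetworks:$image_sign &\n",
        "etc/alpha_config/image_sign": "CONSTRUCTED_PLACEHOLDER\n",
        "etc/init.d/rcS": "#!/bin/sh\n# telnetd -u old:disabled\n/bin/telnetd.sh\n",
    }.items():
        p = pathlib.Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_rootfs(build_sample_rootfs(tmp)))
```

A finding whose password_from is a file inside the image is still a static credential: every unit flashed with that image shares it.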

Advisories

No advisories yet.

History

Mon, 04 May 2026 17:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | D-link; D-link dir-600l Firmware
Vendors & Products | | D-link; D-link dir-600l Firmware

Mon, 04 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61_dlwbr_dir600L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Title | | D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials
First Time appeared | | Dlink; Dlink dir-600l Firmware
Weaknesses | | CWE-798
CPEs | | cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Dlink; Dlink dir-600l Firmware
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-04T16:35:14.926Z

Reserved: 2026-04-27T06:21:56.902Z

Link: CVE-2026-42374

Vulnrichment

Updated: 2026-05-04T16:35:03.333Z

NVD

Status: Received

Published: 2026-05-04T17:16:25.703

Modified: 2026-05-04T17:16:25.703

Link: CVE-2026-42374

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T17:30:04Z
