Description
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Published: 2026-05-04
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a hardcoded Telnet backdoor that is enabled at boot on the D-Link DIR‑600L Hardware Revision A1. The device launches a Telnet daemon (telnetd) with the fixed username Alphanetworks and the static password wrgn35_dlwbr_dir600l. Authentication is performed by a custom login binary that uses strcmp() to validate the credentials. An unauthenticated attacker who can reach the device on the local network can thus obtain a root shell, giving full administrative control over the router. This flaw is a classic example of CWE‑798 (Use of Hard‑coded Credentials).

Affected Systems

This flaw affects D‑Link DIR‑600L firmware on the Hardware Revision A1. The product has reached end‑of‑life and is not supported by the vendor. No patch or firmware update exists for this version.

Risk and Exploitability

The CVSS score of 9.8 reflects the severity of the flaw. No EPSS score is available, so the exploitation probability is currently unknown or not publicly reported. The flaw is not in the CISA KEV catalog. Based on the description, the likely attack vector is an attacker on the local network who connects to the Telnet service using the embedded credentials. Because the credentials are embedded in the firmware and work without additional setup, exploitation is very straightforward. Because the device is EOL, the only long‑term mitigation is replacement; temporary measures include disabling the Telnet daemon or blocking port 23.

Generated by OpenCVE AI on May 4, 2026 at 17:22 UTC.

Remediation

Vendor Workaround

This product is End-of-Life and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run "killall telnetd" and "iptables -A INPUT -p tcp --dport 23 -j DROP" (lost on reboot).


OpenCVE Recommended Actions

  • Replace the D-Link DIR‑600L with a supported, actively maintained model.
  • If replacement is not immediately possible, connect to the device using the hardcoded credentials and terminate the Telnet daemon by running 'killall telnetd'.
  • Block incoming Telnet traffic on port 23 with a firewall rule such as 'iptables -A INPUT -p tcp --dport 23 -j DROP', and ensure the rule survives reboots; per the vendor workaround, a rule added from the shell is lost on reboot.

Advisories

No advisories yet.

History

Mon, 04 May 2026 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | D-link; D-link dir-600l Firmware
Vendors & Products | | D-link; D-link dir-600l Firmware

Mon, 04 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir600l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Title | | D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
First Time appeared | | Dlink; Dlink dir-600l Firmware
Weaknesses | | CWE-798
CPEs | | cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Dlink; Dlink dir-600l Firmware
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-04T16:32:50.811Z

Reserved: 2026-04-27T06:21:56.902Z

Link: CVE-2026-42375

Vulnrichment

Updated: 2026-05-04T16:32:35.375Z

NVD

Status: Received

Published: 2026-05-04T17:16:25.847

Modified: 2026-05-04T17:16:25.847

Link: CVE-2026-42375

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T18:30:05Z

Weaknesses