Description
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Published: 2026-05-04
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a telnet daemon that starts automatically when the DIR‑456U A1 firmware boots. The daemon uses a fixed username, "Alphanetworks", and a static password, "whdrv01_dlob_dir456U", read from a configuration file, and the login routine verifies them with a simple string comparison. Because the credentials are hard‑coded and no further authentication is required, an attacker who can reach the device on the local network can obtain a root shell, giving full administrative control. This represents a hard‑coded credential weakness (CWE‑798) that leads to remote code execution.

Affected Systems

Affected devices are D‑Link DIR‑456U routers, revision A1. The hardware is End‑of‑Life and will no longer receive security updates. No specific firmware version is listed; the device simply runs the legacy A1 firmware that includes the backdoor logic.

Risk and Exploitability

The CVSS score of 9.8 classifies this as critical. No EPSS score is available, but the trivial authentication and direct root access make exploitation highly likely, especially in environments where the router is connected to untrusted networks. The vulnerability is not listed in the CISA KEV catalog, yet the straightforward local‑network attack path makes it attractive to adversaries.

Generated by OpenCVE AI on May 4, 2026 at 17:50 UTC.

Remediation

Vendor Workaround

This product is End-of-Life (EOL) and will NOT receive patches. Users should replace the device. Temporary: connect via backdoor and run "killall telnetd" and "iptables -A INPUT -p tcp --dport 23 -j DROP" (lost on reboot).

OpenCVE Recommended Actions

  • Replace the DIR‑456U router with a supported, security‑maintained alternative.
  • If immediate replacement is not possible, log in via telnet using the hard‑coded credentials, run "killall telnetd" to stop the service, then add a firewall rule "iptables -A INPUT -p tcp --dport 23 -j DROP" to block subsequent access to port 23 until the device reboots, recalling that the rule is lost on restart.
  • Configure network segmentation or a boundary firewall to isolate the router from other devices, reducing the attack surface in case the backdoor is re‑enabled after a reboot.

Generated by OpenCVE AI on May 4, 2026 at 17:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dir-456u Firmware
Vendors & Products D-link
D-link dir-456u Firmware

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 16:30:00 +0000

Type Values Removed Values Added
Description D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
Title D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials
First Time appeared Dlink
Dlink dir-456u Firmware
Weaknesses CWE-798
CPEs cpe:2.3:o:dlink:dir-456u_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dir-456u Firmware
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

D-link Dir-456u Firmware
Dlink Dir-456u Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-04T16:32:10.149Z

Reserved: 2026-04-27T06:21:56.902Z

Link: CVE-2026-42376

cve-icon Vulnrichment

Updated: 2026-05-04T16:31:59.231Z

cve-icon NVD

Status : Received

Published: 2026-05-04T17:16:26.000

Modified: 2026-05-04T17:16:26.000

Link: CVE-2026-42376

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:44:07Z

Weaknesses