Description
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.
Published: 2026-04-24
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Device Compromise
Action: Patch Immediately
AI Analysis

Impact

A vulnerability in the D-Link DWM-222W USB Wi‑Fi Adapter allows an unauthenticated attacker on an adjacent network to bypass the device’s brute‑force protection and perform unlimited login attempts. By exhausting the authentication mechanism, the attacker can eventually obtain valid credentials and gain full control of the device. The weakness is a classic authentication bypass (CWE‑307).

Affected Systems

The affected product is the D-Link DWM-222W USB Wi‑Fi Adapter. Any firmware revision earlier than 1.02.00 is vulnerable; firmware 1.02.00 and later contain the fix.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity. The EPSS score is less than 1 %, suggesting that the probability of exploitation is currently very low and the vulnerability is not listed in CISA’s KEV catalog. Bypassing the brute‑force protection requires an attacker to be present on the local network or in close proximity, so the attack vector is local. Once the attacker has bypassed the limits, standard brute‑force techniques can be used to gain device access and, potentially, remote control.

Generated by OpenCVE AI on April 28, 2026 at 20:24 UTC.

Remediation

Vendor Solution

Please update firmware to version 1.02.00 or later.

OpenCVE Recommended Actions

  • Apply the official firmware update to version 1.02.00 or later
  • Restrict local network access to the adapter by segmenting or isolating the Wi‑Fi network
  • Change default credentials and enforce strong, unique passwords

Generated by OpenCVE AI on April 28, 2026 at 20:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dwm-222w
Vendors & Products D-link
D-link dwm-222w

Fri, 24 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.
Title D-Link|DWM-222W USB Wi-Fi Adapter - Brute-Force Protection Bypass
Weaknesses CWE-307
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

D-link Dwm-222w
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-04-24T12:04:06.261Z

Reserved: 2026-04-24T03:33:37.109Z

Link: CVE-2026-6947

cve-icon Vulnrichment

Updated: 2026-04-24T12:04:00.487Z

cve-icon NVD

Status : Deferred

Published: 2026-04-24T04:16:23.170

Modified: 2026-05-19T15:52:30.143

Link: CVE-2026-6947

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T20:30:06Z

Weaknesses