CVE-2025-46176

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.13B01 D-Link DIR-816L version 2.06B01

Description The issue concerns hardcoded credentials in the Telnet service, allowing attackers to remotely execute arbitrary commands via firmware analysis.

Recommendations For D-Link DIR-605L version 2.13B01, consider disabling the Telnet service until a patch is available. For D-Link DIR-816L version 2.06B01, consider disabling the Telnet service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-77

Related Identifiers

BDU:2025-06001

CVE-2025-46176

Affected Products

D-Link Dir-605L

D-Link Dir-816L

CVE-2025-46176

Weakness Enumeration

Related Identifiers

Affected Products

References · 11