CVE-2026-42373

Name of the Vulnerable Software and Affected Versions D-Link DIR-605L Hardware Revision B2

Description A hardcoded telnet backdoor exists where the device starts a telnet daemon at boot via the /bin/telnetd.sh script. The system uses the username "Alphanetworks" and a static password "wrgn76 dlwbr dir605L" stored in /etc/alpha config/image sign. The custom telnetd binary utilizes a -u user:password flag, and the login binary employs the strcmp() function to validate credentials. An unauthenticated attacker on the local network can exploit this to gain a root shell with full administrative control.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.