CVE-2026-42375

Name of the Vulnerable Software and Affected Versions D-Link DIR-600L Hardware Revision A1

Description A hardcoded telnet backdoor exists in the device. At boot, the device starts a telnet daemon via the /bin/telnetd.sh script using the username "Alphanetworks" and a static password "wrgn35 dlwbr dir600l" stored in /etc/alpha config/image sign. The custom telnetd binary utilizes a -u user:password flag, and the login binary employs the strcmp() function to validate credentials. An unauthenticated attacker on the local network can exploit this to gain a root shell with full administrative control.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.