CVE-2026-42373
D-Link · DIR-605L
D-Link DIR-605L revision B2 contains a hardcoded telnet backdoor, allowing unauthenticated attackers on the local network to gain full administrative root access.
Executive summary
A critical hardcoded backdoor in the D-Link DIR-605L router exposes the device to complete administrative compromise by unauthenticated attackers.
Vulnerability
The device features a hardcoded telnet backdoor with static credentials, enabling an unauthenticated attacker on the local network to obtain a root shell via the telnet daemon.
Business impact
This vulnerability carries a CVSS score of 9.8, reflecting its critical severity. Successful exploitation grants an attacker full administrative control over the network gateway, potentially leading to total network interception, internal reconnaissance, and the deployment of persistent malware within the infrastructure.
Remediation
Immediate Action: Given the device has reached End-of-Life (EOL) and will not receive a patch, the only effective remediation is to retire and replace the hardware immediately.
Proactive Monitoring: Monitor network traffic for unexpected telnet (port 23) connections, and review audit logs for successful logins originating from unauthorized internal IP addresses.
Compensating Controls: If immediate replacement is impossible, disable the telnet service via the device management interface or use an access control list (ACL) to strictly limit network access to the router’s management ports.
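The Proactive Monitoring item above can be sketched as follows. This is an added example, not part of the advisory or any vendor tooling. It flags telnet connection attempts to the router from hosts outside an allowlist. The router address, the allowlisted admin host, and the netfilter LOG-style input from a LAN sensor are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the advisory): router address, allowlisted admin hosts,
# and netfilter LOG-style lines from a sensor that sees LAN traffic.
ROUTER_IP = ipaddress.ip_address("192.168.0.1")
AUTHORIZED_SOURCES = {ipaddress.ip_address("192.168.0.10")}
TELNET_PORT = 23

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S+)")

# Constructed sample log lines for illustration only.
SAMPLE_LOG = """\
May  4 10:01:12 sensor kernel: LAN IN=eth1 OUT= SRC=192.168.0.10 DST=192.168.0.1 LEN=60 PROTO=TCP SPT=50122 DPT=23 SYN
May  4 10:03:40 sensor kernel: LAN IN=eth1 OUT= SRC=192.168.0.57 DST=192.168.0.1 LEN=60 PROTO=TCP SPT=41980 DPT=23 SYN
May  4 10:03:41 sensor kernel: LAN IN=eth1 OUT= SRC=192.168.0.57 DST=192.168.0.1 LEN=60 PROTO=TCP SPT=41982 DPT=23 SYN
May  4 10:05:02 sensor kernel: LAN IN=eth1 OUT= SRC=192.168.0.57 DST=192.168.0.1 LEN=60 PROTO=TCP SPT=41990 DPT=80 SYN
May  4 10:06:19 sensor kernel: LAN IN=eth1 OUT= SRC=192.168.0.88 DST=192.168.0.20 LEN=60 PROTO=TCP SPT=40100 DPT=23 SYN
May  4 10:07:00 sensor kernel: LAN IN=eth1 OUT= SRC=not-an-ip DST=192.168.0.1 PROTO=TCP SPT=1 DPT=23 SYN
"""


def parse_fields(line):
    """Return the KEY=value pairs of one netfilter LOG-style line as a dict."""
    return dict(FIELD_RE.findall(line))


def unauthorized_telnet(log_text, router=ROUTER_IP, allowed=AUTHORIZED_SOURCES):
    """Count TCP SYNs to the router's telnet port per source not in the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(TELNET_PORT):
            continue
        if not re.search(r"\bSYN\b", line):  # only connection attempts
            continue
        try:
            src, dst = ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed line: skip rather than crash the monitor
        if dst == router and src not in allowed:
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, count in unauthorized_telnet(SAMPLE_LOG).items():
        print(f"ALERT telnet to {ROUTER_IP} from unauthorized host {src} ({count} attempts)")
```

Because the device is EOL, an empty allowlist is a reasonable setting once replacement is scheduled, so that every telnet connection to the router raises an alert.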
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The presence of a hardcoded backdoor in network infrastructure represents an unacceptable security risk. We strongly recommend decommissioning all affected D-Link DIR-605L units immediately to eliminate this vector of compromise.