CVE-2026-42376

D-Link · DIR-456U

D-Link DIR-456U Rev A1 contains a hardcoded telnet backdoor, allowing unauthenticated attackers on the local network to gain full root administrative control.

Executive summary

A critical hardcoded backdoor in the D-Link DIR-456U allows unauthorized remote attackers to gain full root-level administrative access to the device.

Vulnerability

The device features a hardcoded telnet backdoor utilizing a static username and password combination. This allows an unauthenticated attacker on the local network to bypass authentication mechanisms and execute commands with root privileges.

Business impact

This vulnerability carries a CVSS score of 9.8, indicating a critical risk of full system compromise. Because the device has reached End-of-Life (EOL), it will not receive security updates, leaving the network permanently exposed to potential lateral movement, data interception, or the use of the device as a persistent foothold for attackers within the internal network.

Remediation

Immediate Action: As this product is EOL and no patch will be provided, the only effective remediation is to retire and decommission the affected D-Link DIR-456U device immediately.

Proactive Monitoring: Monitor network traffic for unauthorized telnet connections (port 23) originating from or directed toward the device.

Compensating Controls: If immediate replacement is not possible, place the device on an isolated, restricted VLAN and use firewall rules to block all telnet access, preventing unauthorized inbound connections.
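
Example for the Proactive Monitoring step (added here, not vendor or advisory code): a Python filter that flags TCP port 23 flows to or from the device in exported flow records and rates established sessions higher than blocked attempts. The CSV layout, the device address 192.0.2.1 and the sample records are constructed assumptions, to be adapted to whatever your firewall or flow collector exports.

```python
import csv
import ipaddress
from io import StringIO

TELNET_PORT = 23
DEVICE_IP = "192.0.2.1"  # assumption: address of the DIR-456U (documentation range)

# Constructed sample flow records (not real traffic). Assumed layout:
# timestamp,initiator_ip,initiator_port,responder_ip,responder_port,proto,state
SAMPLE_FLOWS = """\
2026-01-10T08:00:01Z,192.0.2.50,51515,192.0.2.1,23,tcp,established
2026-01-10T08:00:05Z,192.0.2.51,40222,192.0.2.1,443,tcp,established
2026-01-10T08:01:12Z,192.0.2.1,39001,192.0.2.77,23,tcp,established
2026-01-10T08:02:30Z,192.0.2.52,50100,192.0.2.1,23,tcp,blocked
2026-01-10T08:03:00Z,192.0.2.60,23,192.0.2.1,51000,udp,established
malformed line without enough fields
"""

def find_telnet_flows(flow_text, device_ip):
    """Return one alert per TCP/23 flow directed to or originating from device_ip."""
    device = ipaddress.ip_address(device_ip)
    alerts = []
    for row in csv.reader(StringIO(flow_text)):
        if len(row) != 7:
            continue  # skip blank or malformed records instead of crashing
        ts, src, _sport, dst, dport, proto, state = (f.strip() for f in row)
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "tcp" or dport != TELNET_PORT:
            continue
        if dst_ip == device:
            direction, peer = "inbound", src
        elif src_ip == device:
            direction, peer = "outbound", dst
        else:
            continue  # telnet elsewhere on the network, not this device
        # Established inbound: the firewall block did not hold.
        # Established outbound: the device itself opened telnet to another host.
        severity = "high" if state.lower() == "established" else "low"
        alerts.append({"time": ts, "direction": direction, "peer": peer,
                       "state": state, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_telnet_flows(SAMPLE_FLOWS, DEVICE_IP):
        print(alert)
```

A "low" alert still records that a host attempted telnet to the device, which is worth following up even when the firewall rule held.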

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given that the vendor has declared this device End-of-Life, there is no path to remediation through patching. Organizations must prioritize the replacement of this hardware with a supported product to eliminate the risk of unauthorized administrative access and potential network-wide compromise.