CVE-2026-42374: CWE-798 Use of Hard-coded Credentials in D-Link DIR-600L Firmware
The D-Link DIR-600L Hardware Revision B1 firmware contains a hardcoded telnet backdoor with fixed credentials. This backdoor starts a telnet daemon at boot using the username "Alphanetworks" and a static password stored in a configuration file. Authentication is performed via a custom login binary using simple string comparison, granting root shell access to any attacker on the local network without prior authentication. The device is End-of-Life and will not receive patches for this vulnerability. The CVSS score is 9.8, indicating critical severity.
AI Analysis
Technical Summary
CVE-2026-42374 is a critical vulnerability in the D-Link DIR-600L B1 firmware involving hardcoded credentials for a telnet backdoor. The device launches a telnet daemon at startup with a fixed username and password, allowing unauthenticated local attackers to gain root access. The authentication mechanism uses a custom login binary that validates credentials with strcmp(), which does not mitigate the risk of credential exposure. Since the device is End-of-Life, no official patches or fixes are available.
Potential Impact
An attacker on the local network can gain full administrative control of the affected device by authenticating to the hardcoded telnet backdoor. This grants root shell access, enabling complete compromise of the device, including potential network pivoting and disruption of network services. The vulnerability affects confidentiality, integrity, and availability of the device and connected network segments.
Mitigation Recommendations
The device is End-of-Life and will not receive patches or official fixes. Mitigation requires discontinuing use of the affected hardware or isolating it from untrusted local networks to prevent unauthorized access. Network segmentation or disabling telnet access (if possible) may reduce exposure, but no vendor-supported remediation exists.
CVE-2026-42374: CWE-798 Use of Hard-coded Credentials in D-Link DIR-600L Firmware
Description
The D-Link DIR-600L Hardware Revision B1 firmware contains a hardcoded telnet backdoor with fixed credentials. This backdoor starts a telnet daemon at boot using the username "Alphanetworks" and a static password stored in a configuration file. Authentication is performed via a custom login binary using simple string comparison, granting root shell access to any attacker on the local network without prior authentication. The device is End-of-Life and will not receive patches for this vulnerability. The CVSS score is 9.8, indicating critical severity.
CVSS v3.1
Score 9.8critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-42374 is a critical vulnerability in the D-Link DIR-600L B1 firmware involving hardcoded credentials for a telnet backdoor. The device launches a telnet daemon at startup with a fixed username and password, allowing unauthenticated local attackers to gain root access. The authentication mechanism uses a custom login binary that validates credentials with strcmp(), which does not mitigate the risk of credential exposure. Since the device is End-of-Life, no official patches or fixes are available.
Potential Impact
An attacker on the local network can gain full administrative control of the affected device by authenticating to the hardcoded telnet backdoor. This grants root shell access, enabling complete compromise of the device, including potential network pivoting and disruption of network services. The vulnerability affects confidentiality, integrity, and availability of the device and connected network segments.
Mitigation Recommendations
The device is End-of-Life and will not receive patches or official fixes. Mitigation requires discontinuing use of the affected hardware or isolating it from untrusted local networks to prevent unauthorized access. Network segmentation or disabling telnet access (if possible) may reduce exposure, but no vendor-supported remediation exists.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- securin
- Date Reserved
- 2026-04-27T06:21:56.902Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f8cb08cbff5d86103668ba
Added to database: 5/4/2026, 4:36:24 PM
Last enriched: 5/12/2026, 6:28:38 AM
Last updated: 6/19/2026, 2:24:39 AM
Views: 81
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.