CVE-2026-6947: CWE-307 Improper restriction of excessive authentication attempts in D-Link DWM-222W
The D-Link DWM-222W USB Wi-Fi Adapter contains a vulnerability (CVE-2026-6947) that allows unauthenticated adjacent attackers to bypass brute-force protection mechanisms. This flaw enables attackers to perform unlimited login attempts, potentially gaining control over the device. The vulnerability is classified under CWE-307, indicating improper restriction of excessive authentication attempts. No official patch or remediation guidance has been provided by the vendor as of the publication date. The vulnerability has a high severity score of 8. 7 according to CVSS 4. 0 metrics.
AI Analysis
Technical Summary
CVE-2026-6947 is a high-severity vulnerability in the D-Link DWM-222W USB Wi-Fi Adapter that involves improper restriction of excessive authentication attempts (CWE-307). This flaw allows unauthenticated attackers in adjacent networks to bypass brute-force protection controls, enabling them to perform unlimited login attempts. The vulnerability could lead to unauthorized control over the device if exploited. The CVSS 4.0 score is 8.7, reflecting network attack vector, no required privileges or user interaction, and high impact on integrity. No patch or official remediation level has been disclosed by D-Link at this time.
Potential Impact
Successful exploitation of this vulnerability allows an unauthenticated attacker within adjacent network range to bypass login attempt restrictions and perform brute-force attacks. This can lead to unauthorized access and control over the affected D-Link DWM-222W device, potentially compromising device integrity and network security. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should restrict physical and network access to the device to trusted parties only and monitor for suspicious login attempts. No official vendor remediation or temporary fix is currently available.
CVE-2026-6947: CWE-307 Improper restriction of excessive authentication attempts in D-Link DWM-222W
Description
The D-Link DWM-222W USB Wi-Fi Adapter contains a vulnerability (CVE-2026-6947) that allows unauthenticated adjacent attackers to bypass brute-force protection mechanisms. This flaw enables attackers to perform unlimited login attempts, potentially gaining control over the device. The vulnerability is classified under CWE-307, indicating improper restriction of excessive authentication attempts. No official patch or remediation guidance has been provided by the vendor as of the publication date. The vulnerability has a high severity score of 8. 7 according to CVSS 4. 0 metrics.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-6947 is a high-severity vulnerability in the D-Link DWM-222W USB Wi-Fi Adapter that involves improper restriction of excessive authentication attempts (CWE-307). This flaw allows unauthenticated attackers in adjacent networks to bypass brute-force protection controls, enabling them to perform unlimited login attempts. The vulnerability could lead to unauthorized control over the device if exploited. The CVSS 4.0 score is 8.7, reflecting network attack vector, no required privileges or user interaction, and high impact on integrity. No patch or official remediation level has been disclosed by D-Link at this time.
Potential Impact
Successful exploitation of this vulnerability allows an unauthenticated attacker within adjacent network range to bypass login attempt restrictions and perform brute-force attacks. This can lead to unauthorized access and control over the affected D-Link DWM-222W device, potentially compromising device integrity and network security. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should restrict physical and network access to the device to trusted parties only and monitor for suspicious login attempts. No official vendor remediation or temporary fix is currently available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- twcert
- Date Reserved
- 2026-04-24T03:33:37.109Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69eaec2d87115cfb68c0d956
Added to database: 4/24/2026, 4:06:05 AM
Last enriched: 4/24/2026, 4:21:06 AM
Last updated: 4/24/2026, 6:54:51 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.