D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches.
When the device boots, the /bin/telnetd.sh script automatically starts the telnet service with predefined login credentials: username 'Alphanetworks' and static password 'wrgn76_dlwbr_dir605L' read from the /etc/alpha_config/image_sign file. The non-standard telnetd binary accepts a -u user:password flag, and the non-standard login binary verifies credentials solely through strcmp() function, which is trivially vulnerable to abuse. An attacker on the local network can log in using these static credentials, gaining full administrative access.
Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control over the device, enabling network traffic hijacking, configuration modification, and further lateral movement within the network.
The manufacturer will not provide and does not plan to release a patch due to the device's End-of-Life status. It is recommended to immediately withdraw DIR-605L B2 devices from operation and replace them with supported hardware. As interim remedial measures, the device should be isolated from untrusted network segments, telnet port access (default TCP 23) should be blocked at the firewall level, and device access should be restricted exclusively to trusted hosts.
D-Link DIR-605L in hardware version B2 (End-of-Life / EOL status)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 605l
HWDlinkb2Dlink Dir 605l Firmware
OSDlinkwszystkie wersje
Related vulnerabilities
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...
Stack-based buffer overflow w D-Link DIR-605L — RCE bez uwierzytelnienia
D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime paramete...
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime paramete...