D-Link

A significant security flaw (CVE-2025-46176) has exposed thousands of D-Link routers to remote code execution attacks through hardcoded Telnet credentials embedded in firmware. The vulnerability affects the DIR-605L v2.13B01 and DIR-816L v2.06B01 models and scores 6.5 (medium severity) on the CVSS v3.1 scale. Security researchers discovered the flaw through firmware analysis, which revealed that both router models contain default Telnet credentials that users cannot change. The vulnerability allows unauthenticated attackers to bypass authentication and execute arbitrary commands remotely.

Source: https://cybersecuritynews.com/hard-coded-telnet-credentials-d-link-routers/

TPRM report: https://scoringcyber.rankiteo.com/company/d-link

"id": "d-l636052625",
"linkid": "d-link",
"type": "Vulnerability",
"date": "5/2025",
"severity": "50",
"impact": "",
"explanation": "Attack limited on finance or reputation: Attack with no impact but news about this attack in the press"
{'affected_entities': [{'industry': 'Networking Equipment',
                        'name': 'D-Link',
                        'type': 'Manufacturer'}],
 'attack_vector': 'Remote Code Execution',
 'description': 'A significant security flaw (CVE-2025-46176) has exposed '
                'thousands of D-Link routers to remote code execution attacks '
                'through hardcoded Telnet credentials embedded in firmware.',
 'impact': {'systems_affected': ['D-Link DIR-605L (v2.13B01)',
                                 'D-Link DIR-816L (v2.06B01)']},
 'initial_access_broker': {'entry_point': 'Telnet port 23'},
 'lessons_learned': 'The vulnerability highlights the ongoing security risks '
                    'associated with legacy networking equipment and embedded '
                    'hardcoded credentials in IoT devices.',
 'motivation': 'Unauthenticated access and arbitrary command execution',
 'post_incident_analysis': {'corrective_actions': ['Disable Telnet services',
                                                   'Restrict WAN access to '
                                                   'management ports',
                                                   'Block Telnet port 23 '
                                                   'through firewall rules',
                                                   'Replace affected devices '
                                                   'with supported models'],
                            'root_causes': 'Hardcoded Telnet credentials '
                                           'embedded in firmware'},
 'recommendations': 'Retire EOL devices due to the absence of security support '
                    'and the impossibility of removing hardcoded credentials '
                    'through configuration changes.',
 'response': {'containment_measures': ['Disable Telnet services',
                                       'Restrict WAN access to management '
                                       'ports',
                                       'Block Telnet port 23 through firewall '
                                       'rules',
                                       'Replace affected devices with '
                                       'supported models']},
 'title': 'Hardcoded Telnet Credentials Vulnerability in D-Link Routers',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-46176'}