VYPR
Unrated severity · NVD Advisory · Published May 3, 2024 · Updated Sep 18, 2024

D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability

CVE-2023-32148

Description

D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19545.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authentication bypass in D-Link DIR-2640 routers via a crafted XML element in HNAP PrivateLogin requests allows network-adjacent attackers to gain admin access without credentials.

Vulnerability

The HNAP PrivateLogin action in the web management interface (TCP port 80) of D-Link DIR-2640 routers with firmware v1.11B02 and v1.11B02 Beta01 (all A hardware revisions) contains an authentication bypass. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials [1][2].

Exploitation

An unauthenticated attacker with network-adjacent access (e.g., on the same LAN or Wi-Fi) sends a specially crafted SOAP/HNAP login request to the router's web interface. The request includes a malformed XML element that tricks the handler into granting access despite invalid credentials. No user interaction is required [2].

Impact

Successful exploitation allows the attacker to bypass authentication and gain administrative access to the router's management interface. This compromises the integrity of the device, enabling changes to configuration, potential further attacks, or disruption of network services. The confidentiality and availability of the device are not directly impacted [2].

Mitigation

D-Link has released a fixed firmware version v1.11B02_Beta_Hotfix for the DIR-2640 (all A series hardware revisions, US region) to address this vulnerability. Users should update to the latest firmware available from the D-Link support portal [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • Dlink/DIR-2640 (fuzzy product match), 2 versions:
    • (no CPE) version details not shown
    • (no CPE) range: 1.11B02 (non-US, CA version)

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (2)

News mentions (0)

No linked articles in our index yet.