Dir 605l Firmware
Sign in to watchby Dlink
CVEs (10)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8361 | Cri | 0.86 | 9.8 | 0.94 | KEV | May 1, 2015 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. |
| CVE-2026-42373 | Cri | 0.64 | 9.8 | 0.00 | May 4, 2026 | D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76_dlwbr_dir605L" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches. | |
| CVE-2026-42372 | Hig | 0.57 | 8.8 | 0.00 | May 4, 2026 | D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35_dlwbr_dir605l" read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches. | |
| CVE-2026-5984 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2026 | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-5983 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2026 | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-5982 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2026 | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-5981 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2026 | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-5980 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2026 | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-5979 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2026 | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2017-9675 | Hig | 0.54 | 7.5 | 0.31 | Jun 15, 2017 | On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. |