Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-42376 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-05-04 |
| Vendor | D-Link |
| Product | DIR-456U |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username “Alphanetworks” and the static password “whdrv01_dlob_dir456U” read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell, allowing full takeover of the device.
Required Actions
The device has reached End-of-Life and is unlikely to receive a patch - it is recommended to replace it immediately with a vendor-supported model. Until replacement is complete, fully isolate the router from untrusted networks, block the telnet port (TCP/23) at the firewall, and restrict access to the network segment where the device resides. Scan D-Link devices in your infrastructure for indicators of compromise.
Who Is Affected?
This vulnerability affects DIR-456U by D-Link (Hardware Revision A1, EOL). Check whether your organization uses this router and plan its replacement immediately.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
