Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
D-Link
Dir 600 B1 Firmware
Dir 615 J1 Firmware
Dir 645 A1 Firmware
+4
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.5%