D-Link DWM-222W CVE-2026-6947

| EUVD-2026-25395 HIGH
Improper Restriction of Excessive Authentication Attempts (CWE-307)
2026-04-24 twcert GHSA-j7j4-xj8f-m78g
Authentication Bypass D-Link
8.7
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Re-analysis Queued
Apr 24, 2026 - 14:52 vuln.today
cvss_changed
Patch available
Apr 24, 2026 - 05:31 EUVD
Analysis Generated
Apr 24, 2026 - 04:31 vuln.today
CVSS changed
Apr 24, 2026 - 04:22 NVD
7.5 (HIGH) 8.7 (HIGH)

DescriptionNVD

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.

AnalysisAI

Brute-force protection bypass in D-Link DWM-222W USB Wi-Fi Adapter allows remote unauthenticated attackers to perform unlimited authentication attempts against the device's login interface. The vulnerability eliminates rate limiting controls, enabling adversaries to systematically guess credentials until device takeover is achieved. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify and document all D-Link DWM-222W adapters in use across the organization (endpoints, remote workers, network infrastructure). Within 7 days: Isolate affected devices from production networks or disable remote management interfaces if operationally feasible; implement network-level access controls restricting login attempts to the adapter's management interface. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-7069 HIGH POC
7.3 Apr 27

Buffer overflow in D-Link DIR-825 router's miniupnpd service allows authenticated adjacent network attackers to achieve

CVE-2026-7248 HIGH
8.9 Apr 28

Remote code execution in D-Link DI-8100 router firmware 16.07.26A1 allows unauthenticated attackers to compromise the de
CVE-2026-7068 HIGH
7.4 Apr 27

Stack-based buffer overflow in D-Link DIR-825 firmware 3.00b32's nmbd NetBIOS service allows adjacent network attackers

CVE-2026-7288 HIGH
7.4 Apr 28

Buffer overflow in D-Link DIR-825M 1.1.12 router allows authenticated remote attackers to achieve high-severity code exe
CVE-2026-7289 HIGH
7.4 Apr 28

Remote authenticated attackers can execute arbitrary code on D-Link DIR-825M routers (firmware 1.1.12) by sending specia

Share

CVE-2026-6947 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy