D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the …

D-Link DIR-600L Hardware Revision A1 contains a hardcoded telnet backdoor vulnerability. The device automatically starts a telnet daemon at boot with hardcoded credentials (username: Alphanetworks, password: wrgn35_dlwbr_dir600l). Successful authentication grants attackers on the local network a root shell with full administrative control. The vulnerability affects end-of-life devices that will not receive security patches. The backdoor credentials are stored in /etc/alpha_config/image_sign and validated using strcmp() function. This represents a critical security flaw allowing complete device compromise for local network attackers.