CVE-2026-2056
Published: 06 February 2026
Summary
CVE-2026-2056 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Dlink Dir-605L Firmware. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SA-22 (Unsupported System Components).
Deeper analysis
CVE-2026-2056 is an information disclosure vulnerability affecting D-Link DIR-605L and DIR-619L routers running firmware versions 2.06B01 or 2.13B01. The issue resides in an unknown function within the file /wan_connection_status.asp, part of the DHCP Connection Status Handler component. Manipulation of this function enables the exposure of sensitive information, with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), mapped to CWEs 200 and 284.
The vulnerability allows remote attackers to exploit it over the network with low complexity and no required privileges or user interaction. Successful exploitation results in limited disclosure of confidential information, such as details potentially related to DHCP connection status, without impacting integrity or availability.
References, including proof-of-concept exploits on GitHub and entries on VulDB, confirm public disclosure of the exploit. The affected products are no longer supported by the maintainer, leaving no official patches or mitigations available; security practitioners should isolate or retire these end-of-life devices to prevent exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5661
Vulnerability details
A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the…
more
attack is possible. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated remote access to device config/status page enables public-facing app exploitation and network device config data retrieval.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces access control on the /wan_connection_status.asp endpoint to block unauthenticated remote retrieval of DHCP status information.
Requires replacement or isolation of the explicitly unsupported DIR-605L/DIR-619L devices that receive no patches for this flaw.
Boundary-protection mechanisms can restrict network access to the router's web interface, limiting remote exploitation of the disclosure vulnerability.