Cyber Resilience

CVE-2026-2056

MediumPublic PoC

Published: 06 February 2026

Published
06 February 2026
Modified
17 February 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0010 27.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2056 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Dlink Dir-605L Firmware. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SA-22 (Unsupported System Components).

Deeper analysis

CVE-2026-2056 is an information disclosure vulnerability affecting D-Link DIR-605L and DIR-619L routers running firmware versions 2.06B01 or 2.13B01. The issue resides in an unknown function within the file /wan_connection_status.asp, part of the DHCP Connection Status Handler component. Manipulation of this function enables the exposure of sensitive information, with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), mapped to CWEs 200 and 284.

The vulnerability allows remote attackers to exploit it over the network with low complexity and no required privileges or user interaction. Successful exploitation results in limited disclosure of confidential information, such as details potentially related to DHCP connection status, without impacting integrity or availability.

References, including proof-of-concept exploits on GitHub and entries on VulDB, confirm public disclosure of the exploit. The affected products are no longer supported by the maintainer, leaving no official patches or mitigations available; security practitioners should isolate or retire these end-of-life devices to prevent exploitation.

EU & UK References

Vulnerability details

A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the…

more

attack is possible. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1602.002 Network Device Configuration Dump Collection
Adversaries may access network configuration files to collect sensitive data about the device and the network.
Why these techniques?

Direct unauthenticated remote access to device config/status page enables public-facing app exploitation and network device config data retrieval.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-2055Same product: Dlink Dir-605L
CVE-2026-2054Same product: Dlink Dir-605L
CVE-2025-2548Same product: Dlink Dir-605L
CVE-2025-55611Same product: Dlink Dir-619L
CVE-2026-5983Same product: Dlink Dir-605L
CVE-2026-5981Same product: Dlink Dir-605L
CVE-2025-55599Same product: Dlink Dir-619L
CVE-2026-5980Same product: Dlink Dir-605L
CVE-2025-55602Same product: Dlink Dir-619L
CVE-2025-0481Same vendor: Dlink

Affected Assets

dlink
dir-605l firmware
2.06b01
dlink
dir-619l firmware
2.13b01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access control on the /wan_connection_status.asp endpoint to block unauthenticated remote retrieval of DHCP status information.

prevent

Requires replacement or isolation of the explicitly unsupported DIR-605L/DIR-619L devices that receive no patches for this flaw.

prevent

Boundary-protection mechanisms can restrict network access to the router's web interface, limiting remote exploitation of the disclosure vulnerability.

References