Cyber Posture

CVE-2026-6947

High

Published: 24 April 2026
Modified: 24 April 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0006 (17.0th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-6947 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in D-Link's DWM-222W USB Wi-Fi Adapter; the vendor is recorded here as "Org" because it was inferred from the references and NVD filed no CPE for this CVE. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). EPSS ranks it at the 17.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Brute Force (T1110). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-7 Unsuccessful Logon Attempts (prevent): Directly enforces limits on consecutive unsuccessful logon attempts and automatic account locking, preventing brute-force attacks that bypass the device's login attempt protections.

SI-2 Flaw Remediation (prevent, recover): Identifies, reports, and corrects the specific software flaw in the DWM-222W allowing brute-force protection bypass through timely patching and flaw remediation.

Audit logging (detect): Requires audit records to capture details of unsuccessful logon attempts, enabling detection of brute-force activity even if attempt limits are bypassed.
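As an added illustration of the AC-7 limit and the audit-based detection described above (example code written for this page, not D-Link firmware or this site's analysis; the limit of five attempts, the 900-second lockout and the sample attempts are assumed values), the following counts failures per account rather than per source, and runs a burst detector over the audit records it produces:

```python
from collections import defaultdict, deque
MAX_FAILURES = 5        # consecutive failures allowed before lockout (assumed AC-7 limit)
LOCKOUT_SECONDS = 900   # lockout duration once the limit is reached (assumed value)

class LoginGuard:
    """Per-account consecutive-failure counter with automatic lockout, keyed on
    the account (not source or session) so retrying from elsewhere does not reset it."""

    def __init__(self):
        self.failures = defaultdict(int)   # account -> consecutive failures
        self.locked_until = {}             # account -> unlock timestamp
        self.audit = []                    # (ts, account, source, outcome) records

    def attempt(self, account, source, password_ok, now):
        if self.locked_until.get(account, 0) > now:
            self.audit.append((now, account, source, "locked"))
            return "locked"
        if not password_ok:
            self.failures[account] += 1
            self.audit.append((now, account, source, "failed"))
            if self.failures[account] >= MAX_FAILURES:
                self.locked_until[account] = now + LOCKOUT_SECONDS
                self.failures[account] = 0
                return "locked"
            return "failed"
        self.failures[account] = 0         # a successful logon resets the counter
        return "ok"

def detect_bursts(records, window=60, threshold=5):
    """Flag accounts with >= threshold unsuccessful records inside `window` seconds."""
    alerts = set()
    recent = defaultdict(deque)
    for ts, account, _source, outcome in sorted(records):
        if outcome == "ok":
            continue
        q = recent[account]
        q.append(ts)
        while q[0] < ts - window:       # drop records older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.add(account)
    return alerts

def demo():
    """Constructed: six wrong passwords for 'admin' from two sources, then the right one."""
    g = LoginGuard()
    results = [g.attempt("admin", f"10.0.0.{i % 2}", False, 100 + i) for i in range(6)]
    results.append(g.attempt("admin", "10.0.0.9", True, 107))
    return results, detect_bursts(g.audit)
```

The detector works only on the audit records, so it still raises an alert when the lockout itself is bypassed, which is the point of pairing the detect control with AC-7.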

MITRE ATT&CK Enterprise Techniques

T1110 Brute Force (Credential Access): Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Why these techniques?

The brute-force protection bypass directly enables T1110 Brute Force by allowing unlimited authentication attempts against the device's login mechanism.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.

Deeper analysis

CVE-2026-6947 is a Brute-Force Protection Bypass vulnerability in the DWM-222W USB Wi-Fi Adapter developed by D-Link. Published on 2026-04-24T04:16:23.170, the issue allows attackers to circumvent protections designed to limit login attempts. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and maps to CWE-307 (Improper Restriction of Excessive Authentication Attempts).

Unauthenticated attackers on an adjacent network can exploit this vulnerability to bypass login attempt limits, enabling brute-force attacks against the device's authentication mechanism. Successful exploitation grants attackers control over the device, with high integrity impact but no confidentiality or availability disruption. Note that the NVD description scopes the attacker to an adjacent network while the recorded CVSS vector carries AV:N (Network); the vector is the scored value shown above.

Advisories detailing the vulnerability, including potential mitigations, are available from TWCERT/CC at https://www.twcert.org.tw/en/cp-139-10865-de323-2.html and https://www.twcert.org.tw/tw/cp-132-10864-944b1-1.html.

Details

CWE(s): CWE-307 (Improper Restriction of Excessive Authentication Attempts)

Affected Products: Org (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One (shared CWE-307)

CVE-2025-69246
CVE-2025-23368
CVE-2026-22278
CVE-2026-35597
CVE-2025-14362
CVE-2025-69615
CVE-2024-57610
CVE-2025-12547
CVE-2026-33667
CVE-2026-32025

References