Cyber Resilience

CVE-2026-6947

Severity: High
Published: 24 April 2026
Modified: 19 May 2026
KEV Added: (not listed)
Patch
CVSS Score (v4): 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0045 (36.2nd percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-6947 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Org (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). The CVE is ranked at the 36.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-6947 is a Brute-Force Protection Bypass vulnerability in the DWM-222W USB Wi-Fi Adapter developed by D-Link. Published on 2026-04-24T04:16:23.170, the issue allows attackers to circumvent protections designed to limit login attempts. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and maps to CWE-307 (Improper Restriction of Excessive Authentication Attempts).

Unauthenticated attackers on an adjacent network can exploit this vulnerability to bypass login attempt limits, enabling brute-force attacks against the device's authentication mechanism. Successful exploitation grants attackers control over the device, with high integrity impact but no confidentiality or availability disruption.

Advisories detailing the vulnerability, including potential mitigations, are available from TWCERT/CC at https://www.twcert.org.tw/en/cp-139-10865-de323-2.html and https://www.twcert.org.tw/tw/cp-132-10864-944b1-1.html.

Vulnerability details

DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.

CWE(s): CWE-307 (Improper Restriction of Excessive Authentication Attempts)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1110 Brute Force (Credential Access): Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Why these techniques?

The brute-force protection bypass directly enables T1110 Brute Force by allowing unlimited authentication attempts against the device's login mechanism.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-45364 (shared CWE-307)
CVE-2025-69246 (shared CWE-307)
CVE-2026-45010 (shared CWE-307)
CVE-2026-22278 (shared CWE-307)
CVE-2025-23368 (shared CWE-307)
CVE-2024-23106 (shared CWE-307)
CVE-2024-57610 (shared CWE-307)
CVE-2025-69615 (shared CWE-307)
CVE-2026-35597 (shared CWE-307)
CVE-2025-14362 (shared CWE-307)

Affected Assets

Org (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

AC-7 (Unsuccessful Logon Attempts) · prevent

Directly enforces limits on consecutive unsuccessful logon attempts and automatic account locking, preventing brute-force attacks that bypass the device's login attempt protections.

SI-2 (Flaw Remediation) · prevent, recover

Identifies, reports, and corrects the specific software flaw in the DWM-222W allowing brute-force protection bypass through timely patching and flaw remediation.

[control not identified on this page] · detect

Requires audit records to capture details of unsuccessful logon attempts, enabling detection of brute-force activity even if attempt limits are bypassed.
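The two controls above (limiting consecutive failed logons, and detecting brute force from audit records when the limit is bypassed) can be illustrated in code. The following Python is an added example written for this page; it is not code from D-Link, the DWM-222W firmware, or the advisories cited here. The `LockoutPolicy` class, its thresholds, the log-line format and the sample log lines are all constructed assumptions chosen to show the defensive logic, not the device's actual behaviour.

```python
"""
Added example (not part of the CVE record): a server-side lockout policy in the
spirit of NIST 800-53 AC-7, plus a detector that reads failed-logon audit
records and flags brute-force activity. Every name, threshold and log line here
is a constructed assumption for illustration.
"""
import re
from collections import defaultdict, deque

MAX_FAILURES = 5        # consecutive failures before lockout (assumed parameter)
LOCKOUT_SECONDS = 900   # lockout duration in seconds (assumed parameter)


class LockoutPolicy:
    """Counts consecutive failed logons per account AND per source address.

    State is kept entirely server-side and is reset only by a genuine success
    while not locked, so nothing the client sends (a new username, a new
    source, a fresh session) can clear the counters. A correct password during
    lockout is still refused; otherwise the lockout would only slow guessing.
    """

    def __init__(self, max_failures=MAX_FAILURES, lockout_seconds=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)   # key -> consecutive failure count
        self.locked_until = {}             # key -> unix time when the lock ends

    @staticmethod
    def _keys(account, source):
        return (("acct", account), ("src", source))

    def is_locked(self, account, source, now):
        return any(self.locked_until.get(k, 0) > now for k in self._keys(account, source))

    def attempt(self, account, source, password_ok, now):
        """Returns 'locked', 'failed' or 'ok' for one authentication attempt."""
        if self.is_locked(account, source, now):
            return "locked"
        if password_ok:
            for k in self._keys(account, source):
                self.failures[k] = 0
            return "ok"
        for k in self._keys(account, source):
            self.failures[k] += 1
            if self.failures[k] >= self.max_failures:
                self.locked_until[k] = now + self.lockout_seconds
        return "locked" if self.is_locked(account, source, now) else "failed"


# Constructed audit-record format: "<unix_ts> auth FAIL|OK user=<name> src=<ip>"
LOG_RE = re.compile(r"^(?P<ts>\d+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


def detect_bruteforce(lines, threshold=10, window=300):
    """Sliding-window count of failed logons per source address.

    Returns {source: timestamp} for each source whose failures reached
    `threshold` within `window` seconds. Because it works from audit records
    alone, it still fires when the device's own attempt limit is bypassed.
    """
    events = defaultdict(deque)
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["result"] != "FAIL":
            continue
        ts, src = int(m["ts"]), m["src"]
        q = events[src]
        q.append(ts)
        while q and q[0] < ts - window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged


# Constructed sample: 12 failures from one source within 55 s, plus one benign
# failure followed by a success from another source.
SAMPLE_LOG = [f"{1000 + 5 * i} auth FAIL user=admin src=10.0.0.9" for i in range(12)] + [
    "1003 auth FAIL user=admin src=10.0.0.5",
    "1020 auth OK user=admin src=10.0.0.5",
]


def simulate_lockout():
    """Walks the lockout policy through a guessing sequence and its aftermath."""
    p = LockoutPolicy()
    results = [p.attempt("admin", "10.0.0.9", False, now=100 + i) for i in range(5)]
    results.append(p.attempt("admin", "10.0.0.9", True, now=106))   # right password, still locked
    results.append(p.attempt("admin", "10.0.0.7", True, now=107))   # account lock spans sources
    results.append(p.attempt("guest", "10.0.0.9", True, now=108))   # source lock spans accounts
    results.append(p.attempt("admin", "10.0.0.9", True, now=1005))  # lock expired, success clears
    return results


if __name__ == "__main__":
    print(simulate_lockout())
    print(detect_bruteforce(SAMPLE_LOG))
```

Keying the counter on both the account and the source is the part that matters for CWE-307 bypasses: a limit tracked only per source is defeated by rotating addresses, and one tracked only per account is defeated by spraying across accounts. The detector is deliberately independent of the device's enforcement, which is the point of the audit-record control when the enforcement itself is the flawed component.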
