CVE-2026-1685

3.7 LOW

📋 TL;DR

This vulnerability in D-Link DIR-823X routers allows attackers to bypass authentication attempt limits, potentially enabling brute-force attacks on login credentials. It affects users of specific D-Link router models and can be exploited remotely, though with high complexity. The exploit is publicly available, increasing potential risk.

💻 Affected Systems

Products:
  • D-Link DIR-823X
Versions: 250416
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Successful brute-force attack leading to unauthorized administrative access to the router, enabling network compromise, traffic interception, or device takeover.

🟠 Likely Case

Increased risk of credential brute-forcing attempts, potentially leading to unauthorized access if weak credentials are used.

🟢 If Mitigated

Limited impact with strong authentication controls, rate limiting at network level, and monitoring for brute-force attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploit is publicly available on GitHub, but attack complexity is rated as high, making widespread exploitation less likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/

Restart Required: No

Instructions:

Check the D-Link website for firmware updates. If an update is available, download it and apply it through the router's web interface.

🔧 Temporary Workarounds

Implement Network-Level Rate Limiting

all

Use firewall or network security devices to limit authentication attempts to the router's management interface.

Change Default Credentials

all

Ensure strong, unique administrative passwords are set to reduce brute-force success probability.

🧯 If You Can't Patch

  • Isolate router management interface from untrusted networks using VLANs or firewall rules.
  • Implement monitoring and alerting for repeated failed login attempts to detect brute-force attacks.

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface. If the version is 250416, the device is likely vulnerable.

Check Version:

Log in to the router web interface and navigate to System > Firmware or a similar section.

Verify Fix Applied:

Verify firmware has been updated to a version later than 250416 through the router's admin interface.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from single IP address
  • Unusual authentication patterns

Network Indicators:

  • High volume of HTTP POST requests to login endpoint
  • Traffic patterns suggesting brute-force tools

SIEM Query:

source="router_logs" AND (event_type="authentication_failure" AND count > 10 within 5 minutes)
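
Because the flaw bypasses the router's own attempt limit, failures have to be counted outside the device. The following added example (not part of the original advisory or any vendor tooling) applies the query's rule, more than 10 authentication failures from one source within 5 minutes, as a sliding window. The log line format, field names and sample addresses are constructed assumptions; adapt the parser to whatever your syslog collector actually emits.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # "within 5 minutes" from the query above
THRESHOLD = 10                  # alert when the count exceeds 10

# Constructed sample: 12 failures from one address inside a minute, 3 widely
# spaced failures from another, one success and one malformed line.
SAMPLE_LOG = "\n".join(
    [f"2026-01-01T10:00:{s:02d}Z event_type=authentication_failure src=192.0.2.10"
     for s in range(0, 60, 5)]
    + [f"2026-01-01T10:{m:02d}:00Z event_type=authentication_failure src=198.51.100.7"
       for m in (1, 9, 17)]
    + ["2026-01-01T10:02:00Z event_type=authentication_success src=198.51.100.7",
       "garbage line without fields"]
)

def parse_line(line):
    """Return (timestamp, source) for a failure event, otherwise None."""
    parts = line.split()
    if len(parts) < 3:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if fields.get("event_type") != "authentication_failure" or "src" not in fields:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, fields["src"]

def detect_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {source: time of first alert} for sources over the threshold."""
    # Sort first so out-of-order delivery does not break the window logic.
    events = sorted(e for e in map(parse_line, log_text.splitlines()) if e)
    recent = defaultdict(deque)   # source -> failure timestamps still in window
    alerts = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {src}: more than {THRESHOLD} failed logins in 5 minutes at {ts}")
```

Keying only on source address misses attempts spread across many addresses, so a device-wide failure count over the same window is a useful second rule.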
