D-Link DSL2600U 'rom-0' Admin Password Disclosure

60% confidence

Description

The D-Link DSL2600U router firmware version v1.08 allows remote attackers to disclose the admin password by accessing the '/rom-0' endpoint, which contains decompressible data containing the password in plaintext.

Affected Products

Vendor	Product	Versions
d-link	dsl2600u	DSL-2600U, v1.08

Related News (1 articles)

Tier C

Exploit-DB19h ago

[hardware] D-Link DSL2600U - 'rom-0' Admin Password Disclosure

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-200

PublishedMay 26, 2026

Last enriched4h ago

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2018-25358EXP

D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

Trending: 38

NONECVE-2026-8271

D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection

Trending: 5

CRITICALCVE-2026-42376

D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials

Trending: 5

NONECVE-2026-8346

D-Link DIR-816 portForward command injection

Trending: 5

NONECVE-2026-8344

D-Link DIR-816 formDMZ.cgi sub_445E7C command injection

Trending: 5

Pin to Dashboard

Verification

State: reported

Confidence: 60%

Vulnerability Timeline

CVE Published

May 26, 2026

Exploit Available

May 26, 2026

Discovered by ZDM

May 26, 2026