PatchSiren

CVE-2026-6947 D-Link CVE debrief

CVE-2026-6947 is a HIGH severity (CVSS 8.7) authentication bypass vulnerability in the DWM-222W USB Wi-Fi Adapter developed by D-Link. The vulnerability allows unauthenticated adjacent network attackers to bypass brute-force protection mechanisms, enabling unlimited login attempts to gain unauthorized control over the device. The weakness is categorized as CWE-307 (Improper Restriction of Excessive Authentication Attempts). The vulnerability was published on April 24, 2026, and last modified on May 19, 2026. The NVD status is currently 'Deferred'. Taiwan's CERT (TWCERT) is the primary source of this vulnerability information.

Vendor: D-Link
Product: DWM-222W
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-24
Original CVE updated: 2026-05-19
Advisory published: 2026-04-24
Advisory updated: 2026-05-19

Who should care

This vulnerability matters to organizations deploying D-Link DWM-222W USB Wi-Fi Adapters for mobile broadband connectivity, particularly in enterprise environments where these devices may be distributed to remote workers or field personnel. Security teams responsible for IoT and peripheral device security, network administrators managing wireless infrastructure, and incident response teams monitoring for authentication-based attacks should prioritize awareness of this vulnerability.

Technical summary

The D-Link DWM-222W USB Wi-Fi Adapter fails to properly restrict excessive authentication attempts (CWE-307), allowing attackers on adjacent networks to bypass rate limiting and brute-force credentials. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N) records a network attack vector (AV:N), low attack complexity, no attack requirements, no required privileges or user interaction, and high integrity impact (VI:H) with no confidentiality or availability impact. Successful exploitation grants the attacker control over the device. The description refers to adjacent network attackers, which suggests the threat actor must be on the same network segment as the target device, while the vector string itself lists AV:N rather than AV:A.

Defensive priority

HIGH

Recommended defensive actions

  • Review and restrict physical and network access to D-Link DWM-222W USB Wi-Fi Adapter devices to trusted personnel only, given the adjacent network attack vector requirement
  • Monitor for anomalous authentication patterns or repeated failed login attempts that may indicate exploitation attempts
  • Contact D-Link support to confirm affected firmware versions and availability of security patches
  • Consider implementing network segmentation to isolate affected devices from untrusted network segments
  • Disable remote administrative interfaces on affected devices if not required for operations
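One way to act on the monitoring recommendation above, as an added example that is not code from PatchSiren, TWCERT or D-Link: a sliding-window check that flags any source whose failed logins exceed the count a working lockout would have allowed, and notes whether a success followed. The log format, field names, addresses and thresholds are assumptions made for illustration; the page does not document the device's logging.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO time> auth result=<ok|fail> src=<ip> user=<name>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>ok|fail) src=(?P<src>\S+) user=(?P<user>\S+)$"
)

# Constructed sample: one client with two spaced-out typos, one client with
# eight failures in 35 seconds followed by a successful login.
SAMPLE_LOG = (
    ["2026-05-01T09:00:00 auth result=fail src=192.168.0.20 user=admin",
     "2026-05-01T09:30:00 auth result=fail src=192.168.0.20 user=admin",
     "2026-05-01T09:31:00 auth result=ok src=192.168.0.20 user=admin"]
    + [f"2026-05-01T10:00:{s:02d} auth result=fail src=192.168.0.50 user=admin"
       for s in range(0, 40, 5)]
    + ["2026-05-01T10:00:41 auth result=ok src=192.168.0.50 user=admin"]
)


def find_bruteforce(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {src: alert} for sources with more than max_failures failed
    logins inside any sliding window. A working lockout would have stopped
    such a run, so each alert marks attempts that were not throttled."""
    recent = defaultdict(deque)  # src -> failure timestamps still in the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not authentication events
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["result"] == "fail":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) > max_failures:
                alert = alerts.setdefault(
                    src, {"first_seen": q[0], "peak": 0, "success_after": False})
                alert["peak"] = max(alert["peak"], len(q))
        elif src in alerts:
            # A success after an unthrottled run may be a guessed credential.
            alerts[src]["success_after"] = True
    return alerts
```

Set `max_failures` to the lockout threshold the device is expected to enforce; an alert with `success_after` set deserves review first.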

Evidence notes

Primary evidence sourced from Taiwan CERT (TWCERT) advisories. NVD record status is 'Deferred'. CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, and high impact to integrity.
