CVE-2024-11068

Published: Nov 11, 2024Modified: Nov 24, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

Affected (1)

Products: Dlink: Dsl6740c Firmware

1 product

Dsl6740c Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dsl6740c Firmware	All versions

Running on/with	Platform Versions
Dlink Dsl6740c	All versions

Related CWEs

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References (3)

https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.