CVE-2024-45696

Published: Sep 16, 2024Modified: Sep 19, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

Affected (3)

Products: Dlink: Covr X1870 Firmware, Dir X4860 Firmware

2 products

Covr X1870 Firmware

Dir X4860 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Covr X1870 Firmware	Before 1.03b01

Running on/with	Platform Versions
Dlink Covr X1870	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir X4860 Firmware	Version 1.00
Dlink Dir X4860 Firmware	Version 1.04

Running on/with	Platform Versions
Dlink Dir X4860	Version a1

Related CWEs

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (2)

https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.