CVE-2024-45697

Published: Sep 16, 2024Modified: Sep 19, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Affected (2)

Products: Dlink: Dir X4860 Firmware

Dlink

1 product

Dir X4860 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir X4860 Firmware	Version 1.00
Dlink Dir X4860 Firmware	Version 1.04

Running on/with	Platform Versions
Dlink Dir X4860	Version a1

Related CWEs

CWE-912

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (2)

https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.