216.73.217.98

CVE-2024-45696

· Published 16/09/2024 07:15 · Modified 19/09/2024 21:42

Labels: CVE-2024-45696 2024-09-16CVE-2024-45696CWE-912[email protected]

Essential information

Published
16/09/2024 07:15
Modified
19/09/2024 21:42
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
dlink / covr-x1870 firmware cpe:2.3:o:dlink:covr-x1870_firmware:*:*:*:*:*:*:*:*
dlink / covr-x1870 cpe:2.3:h:dlink:covr-x1870:*:*:*:*:*:*:*:*
dlink / dir-x4860 firmware cpe:2.3:o:dlink:dir-x4860_firmware:1.00:*:*:*:*:*:*:*
dlink / dir-x4860 firmware cpe:2.3:o:dlink:dir-x4860_firmware:1.04:*:*:*:*:*:*:*
dlink / dir-x4860 cpe:2.3:h:dlink:dir-x4860:a1:*:*:*:*:*:*:*

References