CVE-2024-11067Relative Path Traversal in D-link Dsl6740c

CWE-23Relative Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 48.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
D-link Dsl6740c
Timeline
PublishedNov 11
Latest updateNov 12

Description

The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

CVEListV5d-link/dsl6740c0

🔴Vulnerability Details

2
GHSA
GHSA-f3qc-f3rx-3hrm: The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrar2024-11-11
CVEList
D-Link DSL6740C - Arbitrary File Reading through Path Traversal2024-11-11

🕵️Threat Intelligence

1
Bleepingcomputer
D-Link won’t fix critical bug in 60,000 exposed EoL modems2024-11-12
CVE-2024-11067 — Relative Path Traversal in D-link | cvebase