CVE-2024-11068
published 2024-11-11

Priority: P268 · Severity: critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.17% (63.6th percentile)

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

Affected

1 range
Vendor | Product | Version range | Fixed in
d-link | dsl6740c | |

Detection & IOCs (extracted from sources)

  • Internet-exposed D-Link DSL6740C modems are at risk; internet scans have returned tens of thousands of exposed endpoints for this EoL device
  • CVE-2024-11068 affects the D-Link DSL6740C modem (EoL device); no patch will be released by D-Link. All hardware and firmware revisions are affected
  • Technical exploitation details have been withheld from public disclosure to reduce mass exploitation risk