CVE-2024-45696
published 2024-09-16CVE-2024-45696: Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the…
high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | covr-x1870 | <= 1.02 | — |
| d-link | dir-x4860_a1 | — | — |
| d-link | dir-x4860_a1 | — | — |
| dlink | covr-x1870_firmware | < 1.03b01 | 1.03b01 |
| dlink | dir-x4860_firmware | — | — |
| dlink | dir-x4860_firmware | — | — |