CVE-2024-45696

CWE-9124 documents4 sources

Severity

8.8HIGH

EPSS

0.3%

top 47.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Covr-x1870 Firmware D-link Covr-x1870 D-link Dir-x4860 A1 +1 more

Timeline

PublishedSep 16

Description

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDdlink/covr-x1870_firmware< 1.03b01

▶CVEListV5d-link/covr-x18701.02

▶CVEListV5d-link/dir-x4860_a11.00, 1.04+1

▶NVDdlink/dir-x4860_firmware1.00, 1.04+1

🔴Vulnerability Details

GHSA

GHSA-h9rg-jfq5-wf8g: Certain models of D-Link wireless routers contain hidden functionality↗2024-09-16

▶

CVEList

D-Link WiFi router - Hidden Functionality↗2024-09-16

▶

🕵️Threat Intelligence

Bleepingcomputer

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers↗2024-09-16

▶