Lucene search

TwcertVULNRICHMENT:CVE-2024-45697

HistorySep 16, 2024 - 6:48 a.m.

CVE-2024-45697 D-Link WiFi router - Hidden Functionality

2024-09-1606:48:58

CWE-912

twcert

github.com

d-link

wifi router

telnet

vulnerability

hard-coded credentials

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.001

Percentile

37.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dlink:dir-4860_a1:1.00:*:*:*:*:*:*:*"
    ],
    "vendor": "dlink",
    "product": "dir-4860_a1",
    "versions": [
      {
        "status": "affected",
        "version": "1.00"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:dlink:dir-4860_a1:1.04:*:*:*:*:*:*:*"
    ],
    "vendor": "dlink",
    "product": "dir-4860_a1",
    "versions": [
      {
        "status": "affected",
        "version": "1.04"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.twcert.org.tw/en/cp-139-8089-32df6-2.html

www.twcert.org.tw/tw/cp-132-8088-590ed-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.001

Percentile

37.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-45697