TwcertVULNRICHMENT:CVE-2024-6045CVE-2024-6045 D-Link router - Hidden Backdoor
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.9%
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
CNA Affected
[
{
"vendor": "D-Link",
"product": "G403",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "G415",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "G416",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M18",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R03",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R04",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R12",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R18",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "E30",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M30",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M32",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M60",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R32",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "E15",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R15",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]Related
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.9%