8.8

CVE-2024-45696

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

Data is provided by the National Vulnerability Database (NVD)
Dlink Covr-x1870 Firmware Version < 1.03b01
   Dlink Covr-x1870
Dlink Dir-x4860 Firmware Version 1.00
   Dlink Dir-x4860 Version a1
Dlink Dir-x4860 Firmware Version 1.04
   Dlink Dir-x4860 Version a1
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.2% | 0.428

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
twcert@cert.org.tw | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.