CVE-2024-45696

EPSS 0.2%
Veröffentlicht 16.09.2024 07:15:03
Zuletzt bearbeitet 19.09.2024 21:42:36
Quelle twcert@cert.org.tw
Teams Watchlist Login
Unerledigt Login

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Covr-x1870 Firmware Version < 1.03b01

Dlink ≫ Covr-x1870

Dlink ≫ Dir-x4860 Firmware Version1.00

Dlink ≫ Dir-x4860 Versiona1

Dlink ≫ Dir-x4860 Firmware Version1.04

Dlink ≫ Dir-x4860 Versiona1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.428

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45696

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45696

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45696

EUVD