CVE-2024-45697

EPSS 0.57%
Published 16.09.2024 07:15:03
Last modified 19.09.2024 21:40:37
Source twcert@cert.org.tw
Teams watchlist Login
Open Login

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dir-x4860 Firmware Version1.00

Dlink ≫ Dir-x4860 Versiona1

Dlink ≫ Dir-x4860 Firmware Version1.04

Dlink ≫ Dir-x4860 Versiona1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.677

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45697

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45697

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45697

EUVD