CVE-2024-45697

EPSS 0.57%
Veröffentlicht 16.09.2024 07:15:03
Zuletzt bearbeitet 19.09.2024 21:40:37
Quelle twcert@cert.org.tw
Teams Watchlist Login
Unerledigt Login

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dir-x4860 Firmware Version1.00

Dlink ≫ Dir-x4860 Versiona1

Dlink ≫ Dir-x4860 Firmware Version1.04

Dlink ≫ Dir-x4860 Versiona1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.677

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45697

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45697

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45697

EUVD