CVE-2024-11068

D-Link DSL6740C - Incorrect Use of Privileged APIs

CVSS 9.8 CRITICALEPSS 1.2%CWE-648

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

D-Link · DSL6740C

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html