CVE-2024-45696

EUVD-2024-41557
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
twcertCNA
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
dlinkcovr-x1870_firmware
𝑥
< 1.03b01
dlinkdir-x4860_firmware
1.00
dlinkdir-x4860_firmware
1.04
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html
https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html