CVE-2024-45696

Summary

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

Affected Software

VendorProductVersion RangeStatus
D-LinkDIR-X4860 A11.00affected
D-LinkDIR-X4860 A11.04affected
D-LinkCOVR-X18700 <= 1.02affected

Weaknesses

  • CWE-912: CWE-912 Hidden Functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References