CVE-2024-45697

Summary

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Affected Software

VendorProductVersion RangeStatus
D-LinkDIR-X4860 A11.00affected
D-LinkDIR-X4860 A11.04affected

Weaknesses

  • CWE-912: CWE-912 Hidden Functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References