CVE-2024-45696 HIGH

CVE-2024-45696: D-Link WiFi router - Hidden Functionality

Vendor D-Link
Product DIR-X4860 A1
Weakness CWE-912
Published September 16, 2024
Last update September 16, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

Key dates

02Disclosure timeline

September 16, 2024 CVE published
September 16, 2024 Record updated