Wireless Routers Vulnerable to Command Injection Attacks
CVE-2024-45698

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dir-x4860 A1
Vendor: CVE Published:; 16 September 2024

Summary

Certain D-Link wireless router models exhibit a significant vulnerability due to inadequate user input validation in their telnet service. This flaw allows unauthenticated attackers to exploit hard-coded credentials, gaining remote access to the devices. Once accessed, attackers can execute arbitrary operating system commands, potentially compromising the entire device and any connected network resources. Prompt attention to this issue is essential for safeguarding network security.

Affected Version(s)

DIR-X4860 A1 1.00

DIR-X4860 A1 1.04

References

https://www.twcert.org.tw/tw/cp-132-8090-bf06b-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2024
Vulnerability Reserved
Sep 5, 2024