Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-11068

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

Published

2024-11-11T08:15:08.850

Last Modified

2024-11-24T15:15:06.707

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-648

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dsl6740c_firmware	-	Yes
Hardware	dlink	dsl6740c	-	No

References

https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html Third Party Advisory ([email protected])
https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html Third Party Advisory ([email protected])
https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/ (af854a3a-2127-422b-91ae-364da2661108)