Lucene search

[email protected]NVD:CVE-2024-45698

HistorySep 16, 2024 - 7:15 a.m.

CVE-2024-45698

2024-09-1607:15:03

CWE-78

CWE-798

[email protected]

web.nvd.nist.gov

d-link routers

unauthenticated access

os commands

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.7%

JSON

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.

Affected configurations

Nvd

Node

dlinkdir-x4860_firmwareMatch1.00

dlinkdir-x4860_firmwareMatch1.04

AND

dlinkdir-x4860Matcha1

VendorProductVersionCPE
dlinkdir-x4860_firmware1.00cpe:2.3:o:dlink:dir-x4860_firmware:1.00:*:*:*:*:*:*:*
dlinkdir-x4860_firmware1.04cpe:2.3:o:dlink:dir-x4860_firmware:1.04:*:*:*:*:*:*:*
dlinkdir-x4860a1cpe:2.3:h:dlink:dir-x4860:a1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dir-x4860_firmware	1.00	cpe:2.3:o:dlink:dir-x4860_firmware:1.00:::::::*
dlink	dir-x4860_firmware	1.04	cpe:2.3:o:dlink:dir-x4860_firmware:1.04:::::::*
dlink	dir-x4860	a1	cpe:2.3:h:dlink:dir-x4860:a1:::::::*

References

www.twcert.org.tw/en/cp-139-8091-bcd52-2.html

www.twcert.org.tw/tw/cp-132-8090-bf06b-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.7%

JSON

Related for NVD:CVE-2024-45698

vulnrichment1 cvelist1 cve1