Lucene search
TwcertVULNRICHMENT:CVE-2024-6045HistoryJun 17, 2024 - 3:12 a.m.
CVE-2024-6045 D-Link router - Hidden Backdoor
2024-06-1703:12:14
CWE-798
CWE-912
twcert
github.com
17
d-link
router
hidden backdoor
factory testing
telnet service
administrator credentials
firmware
CVSS3
8.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
CNA Affected
[
{
"vendor": "D-Link",
"product": "G403",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "G415",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "G416",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M18",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R03",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R04",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R12",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R18",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "E30",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M30",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M32",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M60",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R32",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "E15",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R15",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "dlink",
"product": "g403_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "dlink",
"product": "e30_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "dlink",
"product": "e15_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2024-6045 D-Link router - Hidden Backdoor
2024-06-17 03:12:14
cve
cve
CVE-2024-6045
2024-06-17 04:15:09
nvd
nvd
CVE-2024-6045
2024-06-17 04:15:09
CVSS3
8.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-6045