TVN ID | TVN-202409023 |
---|---|
CVE ID | CVE-2024-45696 |
CVSS | 8.8 (High) CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affected Products | DIR-X4860 A1 firmware version 1.00, 1.04.COVR-X1870 firmware version v1.02 and earlier. |
Description | Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. |
Solution | Update firmware of DIR-X4860 A1 to version 1.04B05 or later.Update frimware of COVR-X1870 to v1.03B01 or later. |
Credit | raymond |
Public Date | 2024-09-16 |