CVE-2024-11068: D-Link DSL6740C - Incorrect Use of Privileged APIs
First published: Mon Nov 11 2024(Updated: )
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Dlink Dsl6740c Firmware | ||
| Dlink Dsl6740c |
Remedy
The affected devices are no longer supported for updates. It is recommended to replace the devices.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/d-link-urges-users-to-retire-vpn-routers-impacted-by-unfixed-rce-flaw/
- https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html
- https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html
- https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/
- agent/weakness
- agent/title
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/softwarecombine
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-10914
- alias/CVE-2024-11068
- alias/CVE-2024-11067
- alias/CVE-2024-11066
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/tags
- agent/trending
- vendor/dlink
- canonical/dlink dsl6740c firmware
- canonical/dlink dsl6740c