First published: Mon Nov 11 2024
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
Dlink Dsl-7740c Firmware | | |
Dlink DSL-6740C Firmware | | |
The affected devices are no longer supported for updates. It is recommended to replace the devices.
CVE-2024-11068 is considered a critical vulnerability due to the potential for unauthenticated remote access and manipulation of user credentials.
Users of the D-Link DSL6740C modem are affected by CVE-2024-11068, which allows unauthenticated attackers to change any user's password.
To fix CVE-2024-11068, users should update to the latest firmware provided by D-Link that addresses this vulnerability.
The risks associated with CVE-2024-11068 include unauthorized access to a user's account and potential compromise of sensitive information.
Yes, CVE-2024-11068 can be exploited remotely by attackers without authentication, making it particularly dangerous.