First published: Mon Sep 16 2024
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
D-Link Covr X1870 | <1.03b01 | |
D-Link Covr X1870 | | |
All of | | |
Any of | | |
Dlink Dir-x4860 Firmware | =1.00 | |
Dlink Dir-x4860 Firmware | =1.04 | |
Dlink Dir-x4860 Firmware | =a1 | |
Update the firmware of DIR-X4860 A1 to version 1.04B05 or later. Update the firmware of COVR-X1870 to v1.03B01 or later.
CVE-2024-45696 allows attackers to enable the telnet service on certain D-Link wireless routers by sending specific packets, gaining access with hard-coded credentials.
The affected models include D-Link Covr-x1870 and D-Link Dir-x4860 with specific firmware versions.
To mitigate CVE-2024-45696, users should update their D-Link router's firmware to a secure version that addresses this vulnerability.
The risks include unauthorized access to network settings and potential exploitation of the router for further attacks.
Yes, D-Link has released firmware updates that patch the vulnerabilities associated with CVE-2024-45696.