First published: Mon Sep 16 2024
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
Any of | | |
Dlink Dir-x4860 Firmware | =1.00 | |
Dlink Dir-x4860 Firmware | =1.04 | |
Dlink Dir-x4860 Firmware | =a1 | |
Update firmware of DIR-X4860 A1 to version 1.04B05 or later.
CVE-2024-45697 is considered a high severity vulnerability due to the potential for unauthorized remote access and command execution.
To fix CVE-2024-45697, disable the telnet service in the router settings and ensure the firmware is updated to a version that addresses this vulnerability.
CVE-2024-45697 affects specific versions of the D-Link DIR-X4860 firmware, including versions 1.00 and 1.04.
Yes, remote attackers can exploit CVE-2024-45697 easily using hard-coded credentials if the telnet service is enabled.
Only the D-Link DIR-X4860 models with the specified vulnerable firmware versions are impacted by CVE-2024-45697.