What is the severity of CVE-2024-45698?

CVE-2024-45698 is considered to have a high severity due to the ability for unauthenticated attackers to remotely execute arbitrary OS commands.

How do I fix CVE-2024-45698?

To mitigate CVE-2024-45698, update the D-Link DIR-X4860 firmware to the latest version that addresses this vulnerability.

Which D-Link router models are affected by CVE-2024-45698?

CVE-2024-45698 affects certain models of D-Link DIR-X4860 routers running specific firmware versions 1.00 and 1.04.

Can unauthorized users gain access due to CVE-2024-45698?

Yes, unauthorized users can gain access to the D-Link DIR-X4860 through the telnet service due to hard-coded credentials.

What is the risk of exploitation of CVE-2024-45698?

The risk of exploitation of CVE-2024-45698 includes the potential for full control over affected devices and disruption of network services.

Vulnerability/
CVE-2024-45698

critical

9.8

CWE

78 798

16/9/2024

15/10/2024

CVE-2024-45698: D-Link WiFi router - OS Command Injection

First published: Mon Sep 16 2024(Updated: )

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.

Credit: twcert@cert.org.tw

Affected Software	Affected Version	How to fix
All of
Any of
Dlink Dir-x4860 Firmware	=1.00
Dlink Dir-x4860 Firmware	=1.04
Dlink Dir-x4860 Firmware	=a1

Remedy

Update firmware of DIR-X4860 A1 to version 1.04B05 or later.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45698?
CVE-2024-45698 is considered to have a high severity due to the ability for unauthenticated attackers to remotely execute arbitrary OS commands.
How do I fix CVE-2024-45698?
To mitigate CVE-2024-45698, update the D-Link DIR-X4860 firmware to the latest version that addresses this vulnerability.
Which D-Link router models are affected by CVE-2024-45698?
CVE-2024-45698 affects certain models of D-Link DIR-X4860 routers running specific firmware versions 1.00 and 1.04.
Can unauthorized users gain access due to CVE-2024-45698?
Yes, unauthorized users can gain access to the D-Link DIR-X4860 through the telnet service due to hard-coded credentials.
What is the risk of exploitation of CVE-2024-45698?
The risk of exploitation of CVE-2024-45698 includes the potential for full control over affected devices and disruption of network services.

agent/title
agent/references
agent/description
agent/type
agent/remedy
agent/first-publish-date
agent/author
agent/event
agent/weakness
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/dlink
canonical/dlink dir-x4860 firmware
version/dlink dir-x4860 firmware/1.00
version/dlink dir-x4860 firmware/1.04
version/dlink dir-x4860 firmware/a1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.