CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-11068

CVSS 9.8v3.1pub. 2024-11-11upd. 2024-11-24

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

🤖 AI Analysis
How it works

The vulnerability results from lack of proper permission verification in the modem's API — an unauthenticated network attacker can invoke privileged API functions without needing any credentials. This allows changing the password of any user account on the device. After changing the password, the attacker gains full access to the modem management services: Web interface, SSH, and Telnet.

Impact

An attacker can take control of any account on the device, gaining access to the management interface via Web, SSH, and Telnet, which in practice means complete takeover of the modem and potentially the entire network behind it.

Mitigation & patch

The D-Link manufacturer does not plan to release a patch due to the device's End-of-Life (EOL) status. It is recommended to immediately withdraw the device from use or — if this is not possible — isolate the management interface from the public network (disable remote access, apply firewall blocking access to management ports from outside). Consider replacing the device with an actively supported model.

Who is affected

D-Link DSL6740C Firmware (D-Link DSL6740C modem) — according to manufacturer information, the device is marked as End-of-Life (EOL), and the vulnerability affects its firmware versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dsl6740c

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsl6740c Firmware

    OS
    Dlink
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-11062HIGH7.2ten sam produkt

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administra...

CVE-2024-11063HIGH7.2ten sam produkt

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administra...

CVE-2024-11064HIGH7.2ten sam produkt

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administra...

CVE-2024-11065HIGH7.2ten sam produkt

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administra...

CVE-2024-11066HIGH7.2ten sam produkt

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administra...