Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Covr X1870
HWDlinkwszystkie wersjeDlink Covr X1870 Firmware
OSDlink< 1.03b01Dlink Dir X4860
HWDlinka1Dlink Dir X4860 Firmware
OSDlink1.001.04
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-45694CRITICAL9.8PL ✓ten sam produkt
Stack-based Buffer Overflow w routerach D-Link DIR-X5460 umożliwiający RCE
CVE-2024-45695CRITICAL9.8PL ✓ten sam produkt
Stack-based Buffer Overflow w routerach D-Link DIR-X4860 umożliwiający RCE
CVE-2024-45697CRITICAL9.8PL ✓ten sam produkt
D-Link DIR-X4860 — ukryta usługa telnet z zakodowanymi danymi logowania
CVE-2024-45698CRITICAL9.8PL ✓ten sam produkt
D-Link DIR-X4860: command injection przez telnet z użyciem zakodowanych poświadczeń
CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam vendor
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)