Vulnerability Details CVE-2024-45696
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-45696
-
cpe:2.3:h:dlink:covr-x1870:-
-
cpe:2.3:h:dlink:dir-x4860:a1
-
cpe:2.3:o:dlink:covr-x1870_firmware:-
-
cpe:2.3:o:dlink:dir-x4860_firmware:1.00
-
cpe:2.3:o:dlink:dir-x4860_firmware:1.04