wireless routers
by Dlink
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45698 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2024 | Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | ||
| CVE-2024-45697 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2024 | Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. | ||
| CVE-2024-45695 | Cri | 0.64 | 9.8 | 0.02 | Sep 16, 2024 | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | ||
| CVE-2024-45694 | Cri | 0.64 | 9.8 | 0.02 | Sep 16, 2024 | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | ||
| CVE-2024-6045 | Hig | 0.58 | 8.8 | 0.06 | Jun 17, 2024 | Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained… | ||
| CVE-2024-45696 | Hig | 0.57 | 8.8 | 0.01 | Sep 16, 2024 | Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be… | ||
| CVE-2024-6044 | Med | 0.42 | 6.5 | 0.00 | Jun 17, 2024 | Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL. |
- risk 0.64cvss 9.8epss 0.01
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.
- risk 0.64cvss 9.8epss 0.01
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.
- risk 0.64cvss 9.8epss 0.02
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
- risk 0.64cvss 9.8epss 0.02
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.
- risk 0.58cvss 8.8epss 0.06
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained…
- risk 0.57cvss 8.8epss 0.01
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be…
- risk 0.42cvss 6.5epss 0.00
Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.