DSL6740C
by Dlink
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11068 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. | |||
| CVE-2024-11067 | 0.00 | — | 0.00 | Nov 11, 2024 | The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password. | |||
| CVE-2024-11066 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page. | |||
| CVE-2024-11065 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||
| CVE-2024-11064 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||
| CVE-2024-11063 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||
| CVE-2024-11062 | 0.00 | — | 0.01 | Nov 11, 2024 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||
| CVE-2024-48271 | 0.00 | — | 0.00 | Oct 30, 2024 | D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack. | |||
| CVE-2024-48272 | 0.00 | — | 0.00 | Oct 30, 2024 | D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack. |
- CVE-2024-11068Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
- CVE-2024-11067Nov 11, 2024risk 0.00cvss —epss 0.00
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
- CVE-2024-11066Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.
- CVE-2024-11065Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
- CVE-2024-11064Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
- CVE-2024-11063Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
- CVE-2024-11062Nov 11, 2024risk 0.00cvss —epss 0.01
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
- CVE-2024-48271Oct 30, 2024risk 0.00cvss —epss 0.00
D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.
- CVE-2024-48272Oct 30, 2024risk 0.00cvss —epss 0.00
D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure default Wifi password, possibly allowing attackers to connect to the device via a bruteforce attack.