Vulnerabilities > CVE-2024-45696 - Hidden Functionality vulnerability in Dlink Covr-X1870 Firmware and Dir-X4860 Firmware

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

dlink

CWE-912

NVD

Published: 2024-09-16

Updated: 2024-09-19

Summary

Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink Covr X1870 Firmware * Dlink DIR X4860 Firmware 1.00 Dlink DIR X4860 Firmware 1.04	3
Hardware	Dlink Dlink Covr X1870 * Dlink DIR X4860 A1	2

Common Weakness Enumeration (CWE)

CWE-912 - Hidden Functionality

References

https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html
https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html