ID

VAR-202411-1034


CVE

CVE-2024-11068


TITLE

D-Link Systems, Inc. DSL6740C Firmware Improper Use of Privileged API Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-012888

DESCRIPTION

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. The DSL6740C firmware from D-Link Systems, Inc. contains a vulnerability related to improper use of a privileged API. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DSL6740C is a wireless VDSL router from D-Link of China. D-Link DSL6740C has a security vulnerability.

Trust: 2.16

sources: NVD: CVE-2024-11068 // JVNDB: JVNDB-2024-012888 // CNVD: CNVD-2024-45432

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-45432

AFFECTED PRODUCTS

vendor: d link model: dsl6740c scope: - version: -

Trust: 1.4

vendor: dlink model: dsl6740c scope: eq version: -

Trust: 1.0

vendor: d link model: dsl6740c scope: eq version: -

Trust: 0.8

vendor: d link model: dsl6740c scope: eq version: dsl6740c firmware

Trust: 0.8

sources: CNVD: CNVD-2024-45432 // JVNDB: JVNDB-2024-012888 // NVD: CVE-2024-11068

CVSS

SEVERITY

twcert@cert.org.tw: CVE-2024-11068
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-012888
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-45432
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-45432
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

twcert@cert.org.tw: CVE-2024-11068
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-012888
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-45432 // JVNDB: JVNDB-2024-012888 // NVD: CVE-2024-11068

PROBLEMTYPE DATA

problemtype: CWE-648

Trust: 1.0

problemtype: Improper use of privileged API (CWE-648) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012888 // NVD: CVE-2024-11068

EXTERNAL IDS

db: NVD id: CVE-2024-11068

Trust: 3.2

db: JVNDB id: JVNDB-2024-012888

Trust: 0.8

db: CNVD id: CNVD-2024-45432

Trust: 0.6

sources: CNVD: CNVD-2024-45432 // JVNDB: JVNDB-2024-012888 // NVD: CVE-2024-11068

REFERENCES

url: https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html

Trust: 1.8

url: https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-11068

Trust: 1.4

url: https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/

Trust: 1.0

sources: CNVD: CNVD-2024-45432 // JVNDB: JVNDB-2024-012888 // NVD: CVE-2024-11068

SOURCES

db: CNVD id: CNVD-2024-45432
db: JVNDB id: JVNDB-2024-012888
db: NVD id: CVE-2024-11068

LAST UPDATE DATE

2024-11-25T23:31:25.692000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-45432 date: 2024-11-20T00:00:00
db: JVNDB id: JVNDB-2024-012888 date: 2024-11-18T08:38:00
db: NVD id: CVE-2024-11068 date: 2024-11-24T15:15:06.707

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-45432 date: 2024-11-20T00:00:00
db: JVNDB id: JVNDB-2024-012888 date: 2024-11-18T00:00:00
db: NVD id: CVE-2024-11068 date: 2024-11-11T08:15:08.850