The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
History

Sun, 24 Nov 2024 15:30:00 +0000


Fri, 15 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Dlink dsl6740c
CPEs cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*
Vendors & Products Dlink dsl6740c

Tue, 12 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dsl6740c Firmware
CPEs cpe:2.3:o:dlink:dsl6740c_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dsl6740c Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
Description The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
Title D-Link DSL6740C - Arbitrary File Reading through Path Traversal
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-11-11T08:00:59.881Z

Updated: 2024-11-24T14:50:55.666Z

Reserved: 2024-11-11T02:23:38.981Z

Link: CVE-2024-11067

cve-icon Vulnrichment

Updated: 2024-11-24T14:50:55.666Z

cve-icon NVD

Status : Modified

Published: 2024-11-11T08:15:08.263

Modified: 2024-11-24T15:15:06.567

Link: CVE-2024-11067

cve-icon Redhat

No data.