The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
History

Sun, 24 Nov 2024 15:30:00 +0000


Fri, 15 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Dlink dsl6740c
CPEs cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*
Vendors & Products Dlink dsl6740c

Tue, 12 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dsl6740c Firmware
CPEs cpe:2.3:o:dlink:dsl6740c_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dsl6740c Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 11 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
Description The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
Title D-Link DSL6740C - Incorrect Use of Privileged APIs
Weaknesses CWE-648
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-11-11T08:05:18.980Z

Updated: 2024-11-24T14:51:21.810Z

Reserved: 2024-11-11T02:23:40.129Z

Link: CVE-2024-11068

cve-icon Vulnrichment

Updated: 2024-11-24T14:51:21.810Z

cve-icon NVD

Status : Modified

Published: 2024-11-11T08:15:08.850

Modified: 2024-11-24T15:15:06.707

Link: CVE-2024-11068

cve-icon Redhat

No data.