← back
CVE-2024-11068

D-Link DSL6740C - Incorrect Use of Privileged APIs

CVSS 9.8 CRITICALEPSS 1.2%CWE-648
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
D-Link · DSL6740C

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/https://www.twcert.org.tw/en/cp-139-8234-0514c-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html