CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45698 – D-Link WiFi router - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-45698
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. • https://www.twcert.org.tw/tw/cp-132-8090-bf06b-1.html https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45697 – D-Link WiFi router - Hidden Functionality
https://notcve.org/view.php?id=CVE-2024-45697
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. • https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html • CWE-912: Hidden Functionality •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45696 – D-Link WiFi router - Hidden Functionality
https://notcve.org/view.php?id=CVE-2024-45696
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. • https://www.twcert.org.tw/tw/cp-132-8086-93ed5-1.html https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html • CWE-912: Hidden Functionality •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45695 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45695
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-45694 – D-Link WiFi router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-45694
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html • CWE-121: Stack-based Buffer Overflow •