CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11068 – D-Link DSL6740C - Incorrect Use of Privileged APIs
https://notcve.org/view.php?id=CVE-2024-11068
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. • https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11067 – D-Link DSL6740C - Arbitrary File Reading through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11067
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password. • https://www.twcert.org.tw/en/cp-139-8233-903d9-2.html https://www.twcert.org.tw/tw/cp-132-8226-0b07b-1.html • CWE-23: Relative Path Traversal •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11066 – D-Link DSL6740C - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-11066
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page. • https://www.twcert.org.tw/en/cp-139-8232-5d94e-2.html https://www.twcert.org.tw/tw/cp-132-8225-3d882-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11064 – D-Link DSL6740C - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-11064
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. • https://www.twcert.org.tw/en/cp-139-8230-11430-2.html https://www.twcert.org.tw/tw/cp-132-8223-f6da0-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11063 – D-Link DSL6740C - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-11063
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. • https://www.twcert.org.tw/en/cp-139-8229-3c2ab-2.html https://www.twcert.org.tw/tw/cp-132-8222-eb5bb-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •