cvelistv5 - cve-2024-11068

CVE-2024-11068 (GCVE-0-2024-11068)

Vulnerability from cvelistv5

Published

2024-11-11 08:05

Modified

2024-11-24 14:51

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-648 - Incorrect Use of Privileged APIs

Summary

References

URL	Tags
twcert@cert.org.tw	https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html	Third Party Advisory
twcert@cert.org.tw	https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/

Impacted products

	Vendor	Product	Version
	D-Link	DSL6740C	Version: 0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dlink:dsl6740c_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dsl6740c_firmware",
            "vendor": "dlink",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T16:10:55.895720Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T16:11:30.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-24T14:51:21.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DSL6740C",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "datePublic": "2024-11-11T08:03:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u0026nbsp; The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account."
            }
          ],
          "value": "The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-648",
              "description": "CWE-648 Incorrect Use of Privileged APIs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-11T08:05:18.980Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected devices are no longer supported for updates. It is recommended to replace the devices.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "The affected devices are no longer supported for updates. It is recommended to replace the devices."
        }
      ],
      "source": {
        "advisory": "TVN-202411013",
        "discovery": "EXTERNAL"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "title": "D-Link DSL6740C - Incorrect Use of Privileged APIs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-11068",
    "datePublished": "2024-11-11T08:05:18.980Z",
    "dateReserved": "2024-11-11T02:23:40.129Z",
    "dateUpdated": "2024-11-24T14:51:21.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-11068\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2024-11-11T08:15:08.850\",\"lastModified\":\"2024-11-24T15:15:06.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"twcert@cert.org.tw\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de uso incorrecto de API privilegiadas, que permite a atacantes remotos no autenticados modificar la contrase\u00f1a de cualquier usuario aprovechando la API, otorgando as\u00ed acceso a servicios web, SSH y Telnet utilizando la cuenta de ese usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-648\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702B0914-7B3E-4797-9D28-C1C680EC6668\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04466F44-FDB1-4ABF-84F1-C88CC175BCB9\"}]}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-11-24T14:51:21.810Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11068\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-12T16:10:55.895720Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:dlink:dsl6740c_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"dlink\", \"product\": \"dsl6740c_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-12T16:11:17.877Z\"}}], \"cna\": {\"tags\": [\"unsupported-when-assigned\"], \"title\": \"D-Link DSL6740C - Incorrect Use of Privileged APIs\", \"source\": {\"advisory\": \"TVN-202411013\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"D-Link\", \"product\": \"DSL6740C\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The affected devices are no longer supported for updates. It is recommended to replace the devices.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe affected devices are no longer supported for updates. It is recommended to replace the devices.\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-11-11T08:03:00.000Z\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\\u2019s account.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u0026nbsp; The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\\u2019s account.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-648\", \"description\": \"CWE-648 Incorrect Use of Privileged APIs\"}]}], \"providerMetadata\": {\"orgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"shortName\": \"twcert\", \"dateUpdated\": \"2024-11-11T08:05:18.980Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-11068\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-24T14:51:21.810Z\", \"dateReserved\": \"2024-11-11T02:23:40.129Z\", \"assignerOrgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"datePublished\": \"2024-11-11T08:05:18.980Z\", \"assignerShortName\": \"twcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2024-3395

Vulnerability from csaf_certbund

Published

2024-11-10 23:00

Modified

2024-11-12 23:00

Summary

D-LINK Router DSL6740C (EoL): Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Router der Firma D-LINK enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen im D-LINK DSL6740C ausnutzen, um beliebigen Code mit administrativen Rechten auszuführen, Administratorrechte zu erlangen oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Hardware Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Router der Firma D-LINK enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Ger\u00e4te sind haupts\u00e4chlich f\u00fcr private Anwender und Kleinunternehmen konzipiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen im D-LINK DSL6740C ausnutzen, um beliebigen Code mit administrativen Rechten auszuf\u00fchren, Administratorrechte zu erlangen oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3395 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3395.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3395 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3395"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11062"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11063"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11064"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11065"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11066"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11067"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11068"
      }
    ],
    "source_lang": "en-US",
    "title": "D-LINK Router DSL6740C (EoL): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-13T09:16:24.473+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3395",
      "initial_release_date": "2024-11-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: SAP10414"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "DSL6740C (EoL)",
                "product": {
                  "name": "D-LINK Router DSL6740C (EoL)",
                  "product_id": "T038702",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:d-link:router:d-link_dsl6740c"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Router"
          }
        ],
        "category": "vendor",
        "name": "D-LINK"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-11062",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11062"
    },
    {
      "cve": "CVE-2024-11063",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11063"
    },
    {
      "cve": "CVE-2024-11064",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11064"
    },
    {
      "cve": "CVE-2024-11065",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11065"
    },
    {
      "cve": "CVE-2024-11066",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11066"
    },
    {
      "cve": "CVE-2024-11067",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im D-LINK DSL6740C Router. Dieser Fehler ist auf ein Path Traversal Problem zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11067"
    },
    {
      "cve": "CVE-2024-11068",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im D-LINK DSL6740C Router. Dieser Fehler existiert wegen einer inkorrekten Verwendung von privilegierten APIs, die es erlaubt, das Passwort eines beliebigen Benutzers zu \u00e4ndern und so den Zugriff auf Web-, SSH- und Telnet-Dienste unter Verwendung des Benutzerkontos zu erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Administratorrechte zu erlangen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11068"
    }
  ]
}

wid-sec-w-2024-3395

Vulnerability from csaf_certbund

Published

2024-11-10 23:00

Modified

2024-11-12 23:00

Summary

D-LINK Router DSL6740C (EoL): Mehrere Schwachstellen

Notes

Produktbeschreibung

Router der Firma D-LINK enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Geräte sind hauptsächlich für private Anwender und Kleinunternehmen konzipiert.

Angriff

Betroffene Betriebssysteme

- Hardware Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Router der Firma D-LINK enthalten eine Firewall und in der Regel eine WLAN-Schnittstelle. Die Ger\u00e4te sind haupts\u00e4chlich f\u00fcr private Anwender und Kleinunternehmen konzipiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen im D-LINK DSL6740C ausnutzen, um beliebigen Code mit administrativen Rechten auszuf\u00fchren, Administratorrechte zu erlangen oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3395 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3395.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3395 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3395"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11062"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11063"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11064"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11065"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11066"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11067"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-11-10",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11068"
      }
    ],
    "source_lang": "en-US",
    "title": "D-LINK Router DSL6740C (EoL): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-12T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-13T09:16:24.473+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3395",
      "initial_release_date": "2024-11-10T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-11-10T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: SAP10414"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "DSL6740C (EoL)",
                "product": {
                  "name": "D-LINK Router DSL6740C (EoL)",
                  "product_id": "T038702",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:d-link:router:d-link_dsl6740c"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Router"
          }
        ],
        "category": "vendor",
        "name": "D-LINK"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-11062",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11062"
    },
    {
      "cve": "CVE-2024-11063",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11063"
    },
    {
      "cve": "CVE-2024-11064",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11064"
    },
    {
      "cve": "CVE-2024-11065",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11065"
    },
    {
      "cve": "CVE-2024-11066",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im D-LINK DSL6740C Router. Diese Fehler existieren wegen eines OS-Befehlsinjektionsproblems. Ein entfernter authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code als Administrator auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11066"
    },
    {
      "cve": "CVE-2024-11067",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im D-LINK DSL6740C Router. Dieser Fehler ist auf ein Path Traversal Problem zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11067"
    },
    {
      "cve": "CVE-2024-11068",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle im D-LINK DSL6740C Router. Dieser Fehler existiert wegen einer inkorrekten Verwendung von privilegierten APIs, die es erlaubt, das Passwort eines beliebigen Benutzers zu \u00e4ndern und so den Zugriff auf Web-, SSH- und Telnet-Dienste unter Verwendung des Benutzerkontos zu erm\u00f6glichen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Administratorrechte zu erlangen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038702"
        ]
      },
      "release_date": "2024-11-10T23:00:00.000+00:00",
      "title": "CVE-2024-11068"
    }
  ]
}

ghsa-7932-gcjg-wrfw

Vulnerability from github

Published

2024-11-11 09:30

Modified

2024-11-24 15:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-11068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-648"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-11T08:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account.",
  "id": "GHSA-7932-gcjg-wrfw",
  "modified": "2024-11-24T15:31:38Z",
  "published": "2024-11-11T09:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11068"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2024-11068

Vulnerability from fkie_nvd

Published

2024-11-11 08:15

Modified

2024-11-24 15:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
twcert@cert.org.tw	https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html	Third Party Advisory
twcert@cert.org.tw	https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/

Impacted products

	Vendor	Product	Version
	dlink	dsl6740c_firmware	-
	dlink	dsl6740c	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702B0914-7B3E-4797-9D28-C1C680EC6668",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04466F44-FDB1-4ABF-84F1-C88CC175BCB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "twcert@cert.org.tw",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de uso incorrecto de API privilegiadas, que permite a atacantes remotos no autenticados modificar la contrase\u00f1a de cualquier usuario aprovechando la API, otorgando as\u00ed acceso a servicios web, SSH y Telnet utilizando la cuenta de ese usuario."
    }
  ],
  "id": "CVE-2024-11068",
  "lastModified": "2024-11-24T15:15:06.707",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "twcert@cert.org.tw",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-11T08:15:08.850",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html"
    },
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-648"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Primary"
    }
  ]
}

cnvd-2024-45432

Vulnerability from cnvd

Title: D-Link DSL6740C使用特权API不正确漏洞

Description:

D-Link DSL6740C是中国友讯（D-Link）公司的一款无线VDSL路由器。

D-Link DSL6740C存在安全漏洞，攻击者可利用此漏洞可通过特定API修改任意用户密码后来登入Web、SSH及Telnet等服务。

Severity: 高

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://www.dlink.com.cn/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-11068

Impacted products

Name
D-Link DSL6740C

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-11068",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-11068"
    }
  },
  "description": "D-Link DSL6740C\u662f\u4e2d\u56fd\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebfVDSL\u8def\u7531\u5668\u3002\n\nD-Link DSL6740C\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u901a\u8fc7\u7279\u5b9aAPI\u4fee\u6539\u4efb\u610f\u7528\u6237\u5bc6\u7801\u540e\u6765\u767b\u5165Web\u3001SSH\u53caTelnet\u7b49\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.dlink.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-45432",
  "openTime": "2024-11-20",
  "products": {
    "product": "D-Link DSL6740C"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-11068",
  "serverity": "\u9ad8",
  "submitTime": "2024-11-15",
  "title": "D-Link DSL6740C\u4f7f\u7528\u7279\u6743API\u4e0d\u6b63\u786e\u6f0f\u6d1e"
}

var-202411-1034

Vulnerability from variot

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. D-Link Systems, Inc. of dsl6740c The firmware has privilege API A vulnerability exists related to improper use of .Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link of China.

D-Link DSL6740C has a security vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202411-1034",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsl6740c",
        "scope": null,
        "trust": 1.4,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsl6740c",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsl6740c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsl6740c",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "dsl6740c  firmware"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "cve": "CVE-2024-11068",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2024-45432",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "twcert@cert.org.tw",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-11068",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2024-012888",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "twcert@cert.org.tw",
            "id": "CVE-2024-11068",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2024-012888",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-45432",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account. D-Link Systems, Inc. of dsl6740c The firmware has privilege API A vulnerability exists related to improper use of .Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSL6740C is a wireless VDSL router from D-Link of China. \n\nD-Link DSL6740C has a security vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-11068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-11068",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "id": "VAR-202411-1034",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      }
    ]
  },
  "last_update_date": "2024-11-25T23:31:25.692000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-648",
        "trust": 1.0
      },
      {
        "problemtype": "privilege  API improper use of (CWE-648) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11068"
      },
      {
        "trust": 1.0,
        "url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-11-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      },
      {
        "date": "2024-11-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "date": "2024-11-11T08:15:08.850000",
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-11-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-45432"
      },
      {
        "date": "2024-11-18T08:38:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      },
      {
        "date": "2024-11-24T15:15:06.707000",
        "db": "NVD",
        "id": "CVE-2024-11068"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0dsl6740c\u00a0 Firmware Privileges \u00a0API\u00a0 Improper Use Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-012888"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-11068 (GCVE-0-2024-11068)

Vulnerability from cvelistv5

WID-SEC-W-2024-3395

Vulnerability from csaf_certbund

wid-sec-w-2024-3395

Vulnerability from csaf_certbund

ghsa-7932-gcjg-wrfw

Vulnerability from github

fkie_cve-2024-11068

Vulnerability from fkie_nvd

cnvd-2024-45432

Vulnerability from cnvd

var-202411-1034

Vulnerability from variot

Tags

Sightings

Nomenclature