CVE-2024-11068

CRITICAL

D-Link DSL6740C - Privilege Escalation

Title source: llm

Description

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

References (3)

[Various Sources] https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html

Scores

CVSS v3 9.8

EPSS 0.0119

EPSS Percentile 78.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-648

Status published

Products (1)

dlink/dsl6740c_firmware

Published Nov 11, 2024

Tracked Since Feb 18, 2026