CVE-2024-11068

CRITICAL

D-Link DSL6740C - Privilege Escalation

Title source: llm

Description

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account.

References (3)

[Various Sources] https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-8227-f3f3b-1.html

Scores

CVSS v3 9.8

EPSS 0.0088

EPSS Percentile 75.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-648

Status published

Affected Products (1)

dlink/dsl6740c_firmware

Timeline

Published Nov 11, 2024

Tracked Since Feb 18, 2026