CVE-2024-48271

HIGH

D-Link DSL6740C v6.TR069.20211230 - Privilege Escalation

Title source: llm

Description

D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack.

References (2)

[Exploit, Third Party Advisory] https://gist.github.com/stevenyu113228/e264c145d6e6e6b59cf53fddc27409ad#1--predictable-administrator-credentials-in-d-link-dsl6740c-modem

[Product] https://www.dlink.com/en/security-bulletin/

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-521

Status published

Products (1)

dlink/dsl-6740c_firmware 6.tr069.20211230

Published Oct 30, 2024

Tracked Since Feb 18, 2026