WARNING: D-LINK PRIVILEGE ESCALATION VULNERABILITY, REPLACE IMMEDIATELY!

Published : 12/11/2024

Reference:
Advisory #2024-260

Version:
1.0

Affected software:
D-Link DSL6740C modem

Type:
Privilege Escalation

CVE/CVSS:
CVE-2024-11068: CVSS 9.8(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-11067: CVSS 7.5(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Sources

NVD

Risks

The D-Link DSL6740C modem has two critical vulnerabilities that allow unauthenticated remote attackers to modify user passwords, gain unauthorized access to services (Web, SSH, Telnet), and read arbitrary system files. The default password generation mechanism further amplifies the risk.

Description

Attackers can exploit API misuse to reset passwords (CVE-2024-11067) and use path traversal (CVE-2024-11068) to access system files and default passwords, enabling unauthorized access to the device.

Recommended Actions

The affected devices no longer receive updates, so no patch will be released for these vulnerabilities.

The Centre for Cybersecurity Belgium therefore strongly recommends replacing the affected devices.

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, so that they can respond swiftly in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
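As an added example (not part of the CCB advisory), the script below shows one way to hunt for path-traversal attempts of the kind described above in the access logs of a device's web management interface. It assumes a common Apache-style log layout; the log lines are constructed for illustration and the IP addresses are documentation ranges, not real indicators.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the advisory).
# Layout assumed: client - - [timestamp] "METHOD path PROTO" status
SAMPLE_LOG = """\
203.0.113.5 - - [12/Nov/2024:10:01:02 +0100] "GET /index.html HTTP/1.1" 200
203.0.113.9 - - [12/Nov/2024:10:01:07 +0100] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 200
203.0.113.9 - - [12/Nov/2024:10:01:09 +0100] "GET /%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 404
203.0.113.9 - - [12/Nov/2024:10:01:11 +0100] "GET /..%252f..%252fetc/passwd HTTP/1.1" 200
203.0.113.5 - - [12/Nov/2024:10:01:20 +0100] "GET /images/logo.png HTTP/1.1" 200
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def normalize_path(raw_path):
    """Percent-decode up to three times so double-encoded sequences such as
    %252e%252e are unwrapped, then treat backslashes as path separators."""
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(raw_path):
    """True when any path segment is '..' after normalization."""
    return any(seg == ".." for seg in normalize_path(raw_path).split("/"))


def find_traversal_attempts(log_text):
    """Return one record per request whose path contains a traversal sequence.
    A 2xx status on such a request deserves priority: it suggests the file
    read succeeded rather than being rejected."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the assumed layout
        client, ts, method, path, status = match.groups()
        if has_traversal(path):
            hits.append({"client": client, "time": ts, "method": method,
                         "path": path, "normalized": normalize_path(path),
                         "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f"{hit['client']} {hit['status']} {hit['path']} -> {hit['normalized']}")
```

Run against the sample it reports three requests from 203.0.113.9, two of which returned 200; a real hunt would feed the device's exported logs in place of SAMPLE_LOG.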

References

CERT Taiwan - https://www.twcert.org.tw/en/cp-139-8234-0514c-2.html

CVE Details - https://www.cvedetails.com/cve/CVE-2024-11068/