CVE-2024-11064

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*

History

15 Nov 2024, 18:22

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8230-11430-2.html - () https://www.twcert.org.tw/en/cp-139-8230-11430-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8223-f6da0-1.html - () https://www.twcert.org.tw/tw/cp-132-8223-f6da0-1.html - Third Party Advisory
CPE cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*
First Time Dlink dsl6740c Firmware
Dlink
Dlink dsl6740c

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) El módem D-Link DSL6740C tiene una vulnerabilidad de inyección de comandos del sistema operativo, que permite a atacantes remotos con privilegios de administrador inyectar y ejecutar comandos de sistema arbitrarios a través de una funcionalidad específica proporcionada por SSH y Telnet.

11 Nov 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-11 08:15

Updated : 2024-11-15 18:22


NVD link : CVE-2024-11064

Mitre link : CVE-2024-11064

CVE.ORG link : CVE-2024-11064


JSON object : View

Products Affected

dlink

  • dsl6740c_firmware
  • dsl6740c
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')