CVE-2024-11066

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*

History

15 Nov 2024, 18:22

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8232-5d94e-2.html - () https://www.twcert.org.tw/en/cp-139-8232-5d94e-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8225-3d882-1.html - () https://www.twcert.org.tw/tw/cp-132-8225-3d882-1.html - Third Party Advisory
First Time Dlink dsl6740c Firmware
Dlink
Dlink dsl6740c
CPE cpe:2.3:o:dlink:dsl6740c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl6740c:-:*:*:*:*:*:*:*

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) El módem D-Link DSL6740C tiene una vulnerabilidad de inyección de comandos del sistema operativo, que permite a atacantes remotos con privilegios de administrador inyectar y ejecutar comandos de sistema arbitrarios a través de la página web específica.

11 Nov 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-11 08:15

Updated : 2024-11-15 18:22


NVD link : CVE-2024-11066

Mitre link : CVE-2024-11066

CVE.ORG link : CVE-2024-11066


JSON object : View

Products Affected

dlink

  • dsl6740c
  • dsl6740c_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')