Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.
References
Configurations
No configuration.
History
16 Sep 2024, 15:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Sep 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-16 07:15
Updated : 2024-09-16 15:30
NVD link : CVE-2024-45698
Mitre link : CVE-2024-45698
CVE.ORG link : CVE-2024-45698
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')