CVE-2024-6045

Name of the Vulnerable Software and Affected Versions D-Link wireless routers (affected versions not specified)

Description The issue is related to an undisclosed factory testing backdoor in certain models of D-Link wireless routers. This backdoor allows unauthenticated attackers on the local area network to enable the Telnet service by accessing a specific URL and log in using the administrator credentials obtained from analyzing the firmware. The backdoor is believed to have been used for automating device testing during production.

Recommendations As a temporary workaround, consider disabling the Telnet service on the device until a patch is available. Restrict access to the device from the local area network to minimize the risk of exploitation. Avoid using the default administrator credentials for the device; change them to unique, strong credentials if possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability.