CVE-2024-45697

Name of the Vulnerable Software and Affected Versions D-Link DIR-X4860 A1 version 1.00/1.04 D-Link DIR-X5460A1 (affected versions not specified) D-Link COVR-X1870 (affected versions not specified)

Description The issue concerns a hidden functionality in certain D-Link wireless routers where the telnet service is enabled when the WAN port is plugged in. This allows unauthorized remote attackers to log in and execute OS commands using hard-coded credentials. The vulnerability is related to the presence of undocumented configuration commands in the telnet service.

Recommendations For D-Link DIR-X4860 A1 version 1.00/1.04, restrict telnet access and patch immediately. For D-Link DIR-X5460A1 and D-Link COVR-X1870, at the moment, there is no information about a newer version that contains a fix for this vulnerability.