PT-2024-6866 · D-Link · D-Link Dir-X5460A1+2

Raymond · Published 2024-09-13 · Updated 2024-09-20 · CVE-2024-45696

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DIR-X4860 versions (affected versions not specified)
D-Link DIR-X5460A1 versions (affected versions not specified)
D-Link COVR-X1870 versions (affected versions not specified)

Description

The issue is related to the presence of hidden functionality in certain D-Link wireless routers, allowing an attacker to forcibly enable the telnet service by sending specific packets to the web service. This can grant the attacker access to the device using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.

Recommendations

For D-Link DIR-X4860, consider disabling the telnet service immediately and check for firmware updates from the vendor.
For D-Link DIR-X5460A1, consider disabling the telnet service immediately and check for firmware updates from the vendor.
For D-Link COVR-X1870, consider disabling the telnet service immediately and check for firmware updates from the vendor.
As a temporary workaround, restrict access to the telnet service to minimize the risk of exploitation.

Fix

Hidden Functionality

Weakness Enumeration

Related Identifiers

BDU:2024-08089
CVE-2024-45696

Affected Products

D-Link Covr-X1870
D-Link Dir-X4860
D-Link Dir-X5460A1