PT-2024-7819 · D Link · D-Link Dsl6740C

Chiao-Lin Yu +1 · Published 2024-11-11 · Updated 2024-11-24 · CVE-2024-11068

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

D-Link DSL6740C (affected versions not specified)

Description

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability that allows unauthenticated remote attackers to modify any user's password through the API, thereby gaining access to the Web, SSH, and Telnet services with that user's account. The vulnerability is actively exploited in the wild. Over 59,000 results are estimated to be found for the affected device, indicating a potentially large number of devices at risk.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling remote access to the device and enabling firewalls to minimize the risk of exploitation. Using strong passwords can also help reduce the risk. It is advised to replace the modem immediately if possible.

Related Identifiers

BDU:2024-09319
CVE-2024-11068

Affected Products

D-Link Dsl6740C