PT-2024-8163 · D Link · D-Link Dsl6740C

Chiao-Lin Yu (+1) · Published 2024-11-11 · Updated 2024-11-24 · CVE-2024-11066

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C (affected versions not specified)
Description: The D-Link DSL6740C modem has an OS Command Injection issue that allows remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific web page. The vulnerability exists because special elements used in the operating system command are not neutralized.
Recommendations: To mitigate the risk, users are urged to update devices to the latest firmware, apply the latest security patches, and follow remediation guidelines. As a temporary workaround, consider restricting access to the specific web page that can be used to inject and execute arbitrary system commands until a patch is available. At the moment, there is no information about a specific version that contains a fix for this vulnerability.

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

BDU:2024-09704
CVE-2024-11066

Affected Products

D-Link Dsl6740C