PT-2024-8164 · D Link · D-Link Tvn-202411010
Chiao-Lin Yu +1 · Published 2024-11-11 · Updated 2024-11-15 · CVE-2024-11065
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
D-Link DSL6740C modem (affected versions not specified)
D-Link TVN-202411010 (affected versions not specified)
Description:
The D-Link DSL6740C modem has an OS Command Injection issue that allows remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. The cause is a lack of measures to neutralize special elements used in the operating system command.
Recommendations:
For D-Link DSL6740C modem, update to the latest firmware to mitigate risks.
For D-Link TVN-202411010, update to the latest firmware to mitigate potential exploits.
As a temporary workaround, consider restricting access to SSH and Telnet functionality until a patch is available.
Avoid using the vulnerable functionality provided by SSH and Telnet until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Affected Products
D-Link Dsl6740C
D-Link Tvn-202411010