PT-2024-8176 · D Link · D-Link Dsl6740C
Chiao-Lin Yu
+1
·
Published
2024-11-11
·
Updated
2024-11-15
·
CVE-2024-11062
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
D-Link DSL6740C modem (affected versions not specified)
Description:
The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. This is due to the lack of measures to neutralize special elements used in the operating system command. The exploitation of this issue can allow a remote attacker to execute arbitrary commands.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dsl6740C