CVE-2024-6045 - Vulnerability Details - OpenCVE

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Dlink	E15 Firmware E30 Firmware G403 Firmware G415 Firmware G416 Firmware M18 Firmware M30 Firmware M32 Firmware M60 Firmware R03 Firmware R04 Firmware R12 Firmware R15 Firmware R18 Firmware R32 Firmware

No data.

No data.

References

Link	Providers
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-06-17T03:12:14.137Z

Updated: 2024-08-01T21:25:03.244Z

Reserved: 2024-06-17T01:58:49.676Z

Link: CVE-2024-6045

Vulnrichment

Updated: 2024-06-24T13:09:29.300Z

NVD

Status : Awaiting Analysis

Published: 2024-06-17T04:15:09.287

Modified: 2024-11-21T09:48:50.090

Link: CVE-2024-6045

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6045", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-06-17T01:58:49.676Z", "datePublished": "2024-06-17T03:12:14.137Z", "dateUpdated": "2024-08-01T21:25:03.244Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "G403", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "G415", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "G416", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M18", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "R03", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "R04", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "R12", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "R18", "vendor": "D-Link", "versions": [{"lessThan": "1.10.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "E30", "vendor": "D-Link", "versions": [{"lessThan": "1.10.02", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M30", "vendor": "D-Link", "versions": [{"lessThan": "1.10.02", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M32", "vendor": "D-Link", "versions": [{"lessThan": "1.10.02", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M60", "vendor": "D-Link", "versions": [{"lessThan": "1.10.02", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "R32", "vendor": "D-Link", "versions": [{"lessThan": "1.10.02", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "E15", "vendor": "D-Link", "versions": [{"lessThan": "1.20.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "R15", "vendor": "D-Link", "versions": [{"lessThan": "1.20.01", "status": "affected", "version": "earlier", "versionType": "custom"}]}], "datePublic": "2024-06-17T03:12:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."}], "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."}], "impacts": [{"capecId": "CAPEC-190", "descriptions": [{"lang": "en", "value": "CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912: Hidden Functionality", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-06-17T03:12:14.137Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"}, {"tags": ["vendor-advisory"], "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Please update firmware of following models to 1.10.01 or later version\uff1a<br>G403, G415, G416, M18, R03, R04, R12, R18<br><br>Please update firmware of following models to 1.10.02 or later version\uff1a <br>E30, M30, M32, M60, R32<br><br>Please update firmware of following models to 1.20.01 or later version\uff1a<br>E15, R15<br>"}], "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a \nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"}], "source": {"advisory": "TVN-202406013", "discovery": "EXTERNAL"}, "title": "D-Link router - Hidden Backdoor", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "dlink", "product": "g403_firmware", "cpes": ["cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.10.01", "versionType": "custom"}]}, {"vendor": "dlink", "product": "e30_firmware", "cpes": ["cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.10.02", "versionType": "custom"}]}, {"vendor": "dlink", "product": "e15_firmware", "cpes": ["cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.20.01", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-22T03:55:29.791651Z", "id": "CVE-2024-6045", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T13:16:42.373Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.244Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6045", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-22T03:55:29.791651Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "g403_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "e30_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.10.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"], "vendor": "dlink", "product": "e15_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "1.20.01", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T13:09:29.300Z"}}], "cna": {"title": "D-Link router - Hidden Backdoor", "source": {"advisory": "TVN-202406013", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-190", "descriptions": [{"lang": "en", "value": "CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "D-Link", "product": "G403", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "G415", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "G416", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "M18", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "R03", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "R04", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "R12", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "R18", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "E30", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "M30", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "M32", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "M60", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "R32", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.10.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "E15", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.20.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "D-Link", "product": "R15", "versions": [{"status": "affected", "version": "earlier", "lessThan": "1.20.01", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a \nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15", "supportingMedia": [{"type": "text/html", "value": "Please update firmware of following models to 1.10.01 or later version\uff1a<br>G403, G415, G416, M18, R03, R04, R12, R18<br><br>Please update firmware of following models to 1.10.02 or later version\uff1a <br>E30, M30, M32, M60, R32<br><br>Please update firmware of following models to 1.20.01 or later version\uff1a<br>E15, R15<br>", "base64": false}]}], "datePublic": "2024-06-17T03:12:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html", "tags": ["third-party-advisory"]}, {"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.", "supportingMedia": [{"type": "text/html", "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-912", "description": "CWE-912: Hidden Functionality"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-06-17T03:12:14.137Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6045", "state": "PUBLISHED", "dateUpdated": "2024-06-24T13:16:42.373Z", "dateReserved": "2024-06-17T01:58:49.676Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-06-17T03:12:14.137Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."}, {"lang": "es", "value": "Ciertos modelos de enrutadores inal\u00e1mbricos D-Link contienen una puerta trasera de prueba de f\u00e1brica no revelada. Los atacantes no autenticados en la red de \u00e1rea local pueden obligar al dispositivo a habilitar el servicio Telnet accediendo a una URL espec\u00edfica y pueden iniciar sesi\u00f3n utilizando las credenciales de administrador obtenidas al analizar el firmware."}], "id": "CVE-2024-6045", "lastModified": "2024-11-21T09:48:50.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2024-06-17T04:15:09.287", "references": [{"source": "twcert@cert.org.tw", "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}, {"lang": "en", "value": "CWE-912"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}