Hidden Functionality

CVE-2024-45697

High

9.8/10

Summary

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-912 - Hidden Functionality

The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators.

References

Advisory Timeline

Published Sep 16, 2024

Hidden Functionality

CVE-2024-45697

Summary

CWE-912 - Hidden Functionality

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS