CVE-2024-11064

HIGH EPSS 67.4%

Published Nov 11, 20241y ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published Nov 11, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

CVSS Details

Base Score

7.2

Exploitability

1.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

67.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 2

Vendor	Product	Version	Range
dlink	dsl6740c_firmware	*	any
dlink	dsl6740c	*	any

References 2

twcert.org.tw https://www.twcert.org.tw/en/cp-139-8230-11430-2.html

Third Party Advisory
twcert.org.tw https://www.twcert.org.tw/tw/cp-132-8223-f6da0-1.html

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.