Summary: TWCERT/CC has issued urgent security advisories regarding severe vulnerabilities in the D-Link DSL-6740C modem, which is no longer supported with security updates. These vulnerabilities could allow remote attacks, including unauthorized access and control over the device.
Threat Actor: Unknown
Victim: D-Link DSL-6740C users
Key Points:
- CVE-2024-11068 (CVSS 9.8): Allows unauthenticated attackers to modify user passwords remotely.
- CVE-2024-11067 (CVSS 7.5): Enables arbitrary file reading, potentially exposing sensitive information.
- Multiple OS Command Injection vulnerabilities (CVSS 7.2): Allow attackers with admin privileges to execute arbitrary commands.
- Immediate replacement of the modem is strongly recommended due to the lack of security updates.
- Mitigation strategies include implementing firewalls, using strong passwords, and disabling remote access.
TWCERT/CC has issued multiple security advisories for the D-Link DSL-6740C modem, revealing a range of severe vulnerabilities that could expose users to remote attacks.
The modem, which is no longer supported with security updates, suffers from a variety of flaws, including:
- CVE-2024-11068 (CVSS 9.8): Incorrect Use of Privileged APIs: This critical vulnerability allows unauthenticated attackers to remotely modify any user’s password, giving the attacker access to the web, SSH, and Telnet services.
- CVE-2024-11067 (CVSS 7.5): Arbitrary File Reading through Path Traversal: This vulnerability enables attackers to read arbitrary system files, including potentially sensitive information. Furthermore, attackers can exploit this flaw to obtain the device’s MAC address, which can be used to guess the default password and gain full control.
- CVE-2024-11066, CVE-2024-11062, CVE-2024-11063, CVE-2024-11064, CVE-2024-11065 (CVSS 7.2): OS Command Injection: These vulnerabilities allow attackers with administrator privileges to inject and execute arbitrary commands on the device, potentially leading to complete system compromise.
Urgent Action Required
Due to the severity of these vulnerabilities and the lack of available security updates, TWCERT/CC strongly recommends immediate replacement of the D-Link DSL-6740C modem. Continuing to use this device poses significant security risks, including:
- Data Breaches: Attackers could steal sensitive personal information or confidential data.
- Network Takeover: Compromised devices could be used to launch attacks on other devices within the network.
- Device Hijacking: Attackers could take complete control of the modem and use it for malicious purposes.
Mitigation Strategies
While replacement is the most effective solution, users who are unable to immediately replace their devices should consider the following mitigation measures:
- Firewall Protection: Implement a strong firewall to block unauthorized access to the modem.
- Strong Passwords: Change default passwords and use strong, unique passwords for all accounts.
- Network Segmentation: Isolate the modem from other critical devices on the network.
- Disable Remote Access: Disable remote access features if not required.