CVE-2024-11062 – The D-Link DSL6740C modem has an OS command inj... (How to Fix)

Q: What is the severity of CVE-2024-11062?

CVE-2024-11062 has a CVSS score of 7.2 (HIGH). The D-Link DSL6740C modem has an OS command injection vulnerability that allows authenticated attackers with administrator privileges to execute arbitrary system commands via SSH or Telnet. This affects all users of this specific modem model who have SSH or Telnet enabled. Attackers can gain full control of the device and potentially pivot to internal networks.

📋 TL;DR

The D-Link DSL6740C modem has an OS command injection vulnerability that allows authenticated attackers with administrator privileges to execute arbitrary system commands via SSH or Telnet. This affects all users of this specific modem model who have SSH or Telnet enabled. Attackers can gain full control of the device and potentially pivot to internal networks.

💻 Affected Systems

Products:

D-Link DSL6740C

Versions: All versions prior to patch

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: SSH and Telnet services must be enabled for exploitation. Default admin credentials increase risk.

📦 What is this software?

Dsl6740c Firmware by Dlink

View all CVEs affecting Dsl6740c Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the modem allowing attackers to intercept all network traffic, install persistent malware, pivot to internal devices, and use the device as a botnet node.

🟠

Likely Case

Attackers with stolen or default credentials gain full control of the modem, enabling network traffic monitoring, DNS hijacking, and credential theft from connected devices.

🟢

If Mitigated

With SSH/Telnet disabled and strong unique admin credentials, the attack surface is significantly reduced, though physical access or other vulnerabilities could still be exploited.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated. Public technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check D-Link support for latest firmware

Vendor Advisory: https://support.dlink.com/

Restart Required: Yes

Instructions:

1. Log into modem web interface. 2. Navigate to Management > Firmware Update. 3. Download latest firmware from D-Link support site. 4. Upload and apply update. 5. Reboot modem.

🔧 Temporary Workarounds

Disable SSH and Telnet

all

Disable remote administration services to prevent exploitation

Change Default Credentials

all

Use strong unique admin password

🧯 If You Can't Patch

Isolate modem on separate VLAN with strict firewall rules
Implement network monitoring for suspicious SSH/Telnet activity

🔍 How to Verify

Check if Vulnerable:

Check if SSH/Telnet is enabled and test command injection via authenticated session

Check Version:

Log into web interface and check System Status > Firmware Version

Verify Fix Applied:

Verify firmware version is updated and test that command injection no longer works

📡 Detection & Monitoring

Log Indicators:

Unusual SSH/Telnet login attempts
Suspicious command execution in system logs
Multiple failed authentication attempts

Network Indicators:

Unexpected outbound connections from modem
SSH/Telnet traffic to unusual destinations
DNS queries to malicious domains

SIEM Query:

source="modem_logs" AND (event="ssh_login" OR event="telnet_login") AND user="admin" AND result="success"

📊 Metadata

CVE ID: CVE-2024-11062

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: November 11, 2024

Last Updated: November 15, 2024

🔗 References

https://www.twcert.org.tw/en/cp-139-8228-1fbb0-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8221-601c3-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-11062, you might also want to check these: