CVE-2024-45697 – This vulnerability affects certain D-Link wirel... (How to Fix)

Q: What is the severity of CVE-2024-45697?

CVE-2024-45697 has a CVSS score of 9.8 (CRITICAL). This vulnerability affects certain D-Link wireless routers where the telnet service is automatically enabled when the WAN port is connected, exposing hard-coded credentials. Unauthorized remote attackers can use these credentials to log in and execute arbitrary operating system commands. Organizations and home users with affected D-Link router models are at risk.

📋 TL;DR

This vulnerability affects certain D-Link wireless routers where the telnet service is automatically enabled when the WAN port is connected, exposing hard-coded credentials. Unauthorized remote attackers can use these credentials to log in and execute arbitrary operating system commands. Organizations and home users with affected D-Link router models are at risk.

💻 Affected Systems

Products:

D-Link wireless routers (specific models not fully disclosed in references)

Versions: Unknown specific versions - appears to affect multiple firmware versions

Operating Systems: Embedded Linux-based router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability activates when WAN port is physically connected. Hidden functionality that cannot be disabled via normal configuration interfaces.

📦 What is this software?

Dir X4860 Firmware by Dlink

View all CVEs affecting Dir X4860 Firmware →

Dir X4860 Firmware by Dlink

View all CVEs affecting Dir X4860 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to intercept all network traffic, install persistent malware, pivot to internal networks, and permanently disable the device.

🟠

Likely Case

Attackers gain full administrative control of the router, enabling them to redirect DNS, capture credentials, and use the device as a foothold for further attacks.

🟢

If Mitigated

If telnet is disabled or network segmentation isolates the router, impact is limited to denial of service if the device is compromised.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only telnet access and hard-coded credentials. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Check D-Link website for firmware updates for your specific router model. 2. Download and install any available security patches. 3. Monitor vendor communications for official fix.

🔧 Temporary Workarounds

Disable Telnet Service

all

Manually disable telnet service if router configuration interface allows it

telnet disable
service telnet stop

Block Telnet Port

linux

Use firewall rules to block incoming telnet connections (port 23)

iptables -A INPUT -p tcp --dport 23 -j DROP

🧯 If You Can't Patch

Replace affected routers with different models or brands
Implement network segmentation to isolate routers from critical assets

🔍 How to Verify

Check if Vulnerable:

Connect to router's WAN port, then attempt telnet connection to router IP on port 23 using hard-coded credentials (specific credentials not disclosed in references)

Check Version:

Check router web interface or use 'show version' via console if available

Verify Fix Applied:

After applying workarounds, attempt telnet connection to verify service is no longer accessible

📡 Detection & Monitoring

Log Indicators:

Failed telnet authentication attempts
Successful telnet logins from unexpected sources
Unusual command execution in router logs

Network Indicators:

Unexpected telnet traffic to router on port 23
Outbound connections from router to suspicious IPs

SIEM Query:

source_ip=router_ip AND destination_port=23 AND protocol=TCP

📊 Metadata

CVE ID: CVE-2024-45697

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-912

Published: September 16, 2024

Last Updated: September 19, 2024

🔗 References

https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8088-590ed-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45697, you might also want to check these: