Thousands of EOL D-Link Routers Vulnerable to Password Change Attacks



In a critical security disclosure, it has been revealed that thousands of end-of-life (EOL) D-Link DSL-6740C routers are vulnerable to password change attacks.

The vulnerability, tracked as CVE-2024-11068, has been rated critical by TWCERT/CC, with a CVSS score of 9.8.

The affected routers, no longer supported by D-Link as of January 15, 2024, are at high risk of unauthorized access and potential misuse.


CVE-2024-11068 – Unauthorized Configuration Access Vulnerability

The vulnerability allows attackers to gain unauthorized access to the router’s configuration, enabling them to change the device’s administrator password remotely.

Due to improper handling of privileged APIs in the router’s firmware, this can be done without any prior authentication.

Once exploited, attackers could take full control of the affected routers, compromising the integrity, confidentiality, and availability of connected networks.

Affected Models

The affected router is the DSL-6740C, a model not available in the US market:

| Model | Region | Hardware Revision | End of Support | Legacy Website | Last Updated |
|---|---|---|---|---|---|
| DSL-6740C | Non-US | All Series H/W Revisions | 01/15/2024 | No | 11/12/2024 |

Because the DSL-6740C routers have reached End of Life (EOL) and End of Support (EOS), D-Link urges users to retire them and replace them with newer models.

No further firmware updates or customer support will be provided for these routers, leaving them vulnerable to future exploits.

For those who continue to use these devices, D-Link recommends applying the latest firmware, changing default passwords, and ensuring Wi-Fi encryption is enabled.

The disclosure of CVE-2024-11068 reminds users to replace outdated and unsupported hardware.

Continued use of these routers could expose users to significant security risks, including unauthorized access and network compromise.

