A critical vulnerability, CVE-2024-6045, has been discovered in several D-Link wireless router models, allowing unauthorized administrative access. The high-severity flaw has a CVSS score of 8.8 and stems from an undisclosed factory testing backdoor.
Attackers on the local area network can exploit this vulnerability by accessing a specific URL to enable the Telnet service. They can then analyze the firmware to obtain administrator credentials, gaining full control over the compromised router.
The affected models include E15, E30, G403, G415, G416, M15, M18, M30, M32, M60, R03, R04, R12, R15, R18, and R32. Users are strongly advised to update their firmware to the latest versions provided by D-Link to mitigate the risk of exploitation.
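As an added example (not D-Link's tooling or code from the advisory), the sketch below checks a device inventory against the model list above and probes whether Telnet is listening, since an enabled Telnet service is the visible result of the backdoor being triggered. The inventory labels, addresses, and function names are assumptions made for illustration.

```python
import re
import socket

# Affected models as listed in the advisory text above.
AFFECTED = {"E15", "E30", "G403", "G415", "G416", "M15", "M18", "M30",
            "M32", "M60", "R03", "R04", "R12", "R15", "R18", "R32"}

def affected_model(label):
    """Return the affected model token found in an inventory label, or None."""
    # Exact token match, so "M30X" or "DIR-842" never match by substring.
    tokens = re.split(r"[^A-Za-z0-9]+", label.upper())
    return next((t for t in tokens if t in AFFECTED), None)

def telnet_listening(host, port=23, timeout=1.0):
    """True if a TCP connection to the Telnet port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, port=23, timeout=1.0):
    """inventory: iterable of (label, host). One finding per affected device."""
    findings = []
    for label, host in inventory:
        model = affected_model(label)
        if model is None:
            continue  # not on the advisory's list
        exposed = telnet_listening(host, port, timeout)
        findings.append({
            "host": host,
            "model": model,
            "telnet_open": exposed,
            # An open port shows the service is enabled, not who enabled it.
            "action": ("update firmware, then re-check that Telnet is closed"
                       if exposed else "update firmware"),
        })
    return findings

if __name__ == "__main__":
    # Constructed sample inventory; addresses are documentation ranges.
    sample = [("D-Link M30", "192.0.2.1"), ("D-Link DIR-842", "192.0.2.2")]
    for finding in audit(sample, timeout=0.5):
        print(finding)
```

Run it from a host on the same LAN as the routers, since the advisory describes the backdoor as reachable from the local network.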
Security researcher Raymond reported the issue, and D-Link has acknowledged it, releasing firmware updates to address the vulnerability. Users must apply these updates promptly to ensure the security of their network devices.