D-Link has managed to eliminate critical vulnerabilities in three popular models of wireless routers, preventing potential remote attackers from executing arbitrary code or accessing devices through built-in accounting data.
The affected models, which are popular among users interested in high-end Wi-Fi 6 routers (DIR-X) and MESH net (COVR) systems, were at risk. The vulnerabilities impacted the COVR-X1870 versions up to V1.02, DIR-X4860 up to V1.04B04_HOT-FIX, and DIR-X5460 up to V1.11B01_HOT-FIX.
The company disclosed information regarding five vulnerabilities, three of which were rated as critical:
- CVE-2024-45694 (CVSS: 9.8): buffer overflow in a stack leading to remote code execution.
- CVE-2024-45695 (CVSS: 9.8): similar buffer overflow issue allowing arbitrary code execution.
- CVE-2024-45696 (CVSS: 8.8): possible Telnet inclusion using built-in accounting data on the local network.
- CVE-2024-45697 (CVSS: 9.8): activation of Telnet service via WAN port for remote access.
- CVE-2024-45698 (CVSS: 8.8): inadequate input data verification in Telnet service enabling attackers
/Reports, release notes, official announcements.