D-Link Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in D-Link Products. Users of the affected versions are advised to update to the latest version.
 

 

Affected Products

 

CVE-2024-45694

• DIR-X5460 A1 Firmware versions: 1.01, 1.02, 1.04, 1.10
• DIR-X4860 A1 Firmware versions: 1.00, 1.04

 

CVE-2024-45696

• DIR-X4860 A1 Firmware version: 1.00, 1.04
• COVR-X1870 Firmware version: ~ 1.02 (included)

 

CVE-2024-45695, CVE-2024-45697, CVE-2024-45698

• DIR-X4860 A1 Firemware version: 1.00, 1.04

 

 

Resolved Vulnerabilities

 

Stack buffer overflow vulnerability in D-Link’s wireless router products (CVE-2024-45694)

Stack Buffer Overflow Vulnerability in D-Link’s Wireless Router Products (CVE-2024-45695)

Hardcoded Credential Vulnerability in D-Link’s Wireless Router Products (CVE-2024-45696)

Hardcoded Credential Vulnerability in D-Link’s Wireless Router Products (CVE-2024-45697)

Command Injection Vulnerability in D-Link’s Wireless Router Products (CVE-2024-45698)

 

Vulnerability Patches

 

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-45694

• DIR-X5460 A1 Firmware version: 1.11B04 or later version
• DIR-X4860 A1 Firmware version: 1.04B05 or later version

 

CVE-2024-45696

• DIR-X4860 A1 Firmware version: 1.04B05 or later version
• COVR-X1870 Firmware version: 1.03B01 or later version

 

CVE-2024-45695, CVE-2024-45697, CVE-2024-45698

• DIR-X4860 A1 Firemware version: 1.04B05 or later version

 

 

References

[1] CVE-2024-45694 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45694

[2] CVE-2024-45695 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45695

[3] CVE-2024-45696 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45696

[4] CVE-2024-45697 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45697

[5] CVE-2024-45698 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45698

[6] D-Link WiFi router – Stack-based Buffer Overflow (CVE-2024-45694)

https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html

[7] D-Link WiFi router – Stack-based Buffer Overflow (CVE-2024-45695)

https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html

[8] D-Link WiFi router – Stack-based Buffer Overflow (CVE-2024-45696)

https://www.twcert.org.tw/en/cp-139-8087-c3e70-2.html

[9] D-Link WiFi router – Stack-based Buffer Overflow (CVE-2024-45697)

https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html

[10] D-Link WiFi router – Stack-based Buffer Overflow (CVE-2024-45698)

https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html