CVE-2024-41616

Summary

CVE-2024-41616 is a newly disclosed vulnerability affecting the D-Link DIR-300 REVA router. The issue lies in the device's firmware version 1.06B05_WW, where hardcoded Telnet service credentials have been discovered. An attacker can exploit this vulnerability by gaining unauthorized access to the router's Telnet service using the hardcoded credentials. This can potentially lead to further exploitation, including changing configurations, installing malware, or gaining access to the local network. Users are advised to update their firmware to a non-vulnerable version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.