Overview
The (non-US available) DSL-6740C model and all its hardware revisions have reached their end-of-life ("EOL")/end-of-service ("EOS") lifecycle no later than January 15, 2024.
For customers still using the product, we recommend taking one or more of the following actions:
1. Upgrade to a newer product.
2. Perform data backup.
3. Contact our office for further recommendations or information (Link).
In line with industry practice, this indicates the product may no longer receive device software updates or security patches and may no longer be supported by us. Please read the information and recommendations below.
3rd Party Report information
- Reports provided:
- Report 1: CVE-2024-11068: Link Disclosed 11/11/2024
DESC: Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated, remote attackers to modify any user's password by leveraging the API, granting access to Web, SSH, and Telnet services using that user's account.
CNA: TWCERT/CC Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-648: Incorrect Use of Privileged APIs
Author Public Disclosure Link
- Report 2: CVE-2024-11062: Link Disclosed 11/11/2024
DESC: OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Author Public Disclosure Link
- Report 3: CVE-2024-11063: Link Disclosed 11/11/2024
DESC: OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Author Public Disclosure Link
- Report 4: CVE-2024-11064: Link Disclosed 11/11/2024
DESC: OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Author Public Disclosure Link
- Report 5: CVE-2024-11065: Link Disclosed 11/11/2024
DESC: OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Author Public Disclosure Link
- Report 6: CVE-2024-11066: Link Disclosed 11/11/2024
DESC: OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Author Public Disclosure Link
- Report 7: CVE-2024-11067: Link Disclosed 11/11/2024
DESC: Path Traversal vulnerability, allowing unauthenticated, remote attackers to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
CNA: TWCERT/CC Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-23: Relative Path Traversal
Author Public Disclosure Link
- Report 8: Nicholas-wei – Disclosure: Link
DESC: Authentication bypass vulnerability; unprivileged attackers can send remote packets to reboot the device or set factory mode, causing potential Denial of Service. The authentication bypass happens in the binary /sbin/thttpd.
Firmware: DSL6740C.V6.TR069.20211230
Affected Models
| Model | Region | Hardware Revision | End of Support | Legacy Website | Last Updated |
|---|---|---|---|---|---|
| DSL-6740C | Non-US | All Series H/W Revisions | 01/15/2024 | Non-US : No | 11/12/2024 |
Recommendation for EOL/EOS Products
In line with industry practice, D-Link may periodically determine that certain products have reached a stage where further support or development is no longer feasible. This decision may be driven by commonly acknowledged factors such as technology evolution, market requirements, new innovation, product efficiency, or the need for product replacement due to superior functionality.
For US Consumer
When a product has reached the EOL/EOS lifecycle, which we always announce an extended period of time in advance, no further extended support, updates, or development may be available.
For such products, we may not be able to address issues related to the device or its firmware, as development and customer support may have been discontinued. If you are located outside the US, please contact your regional D-Link office for inquiries.
D-Link recommends discontinuing use of such products and cautions that continued use may pose risks to other devices connected to them. If users choose to continue using these devices, they should make sure the devices are updated to the last known firmware, which can be located on the legacy website links above. Additionally, users should frequently update the device's unique password for accessing its web configuration, and always have Wi-Fi encryption enabled with a strong and unique password.