Overview
The (Non-US Available) DSL-6740C, all hardware revisions, reached their end-of-life ("EOL") /end-of-service-life ("EOS") Life Cycle on January 15, 2024. D-Link US recommends retiring and replacing D-Link devices that have reached EOL/EOS. Please contact your regional office for recommendations (LINK).
As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products ceases. Please read the information and recommendations below.
3rd Party Report information
- Reports provided:
- Report 1: CVE-2024-11068: Link Disclosed 11/11/2024
DESC : Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user's password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user's account.
CNA : TWCERT/CC: 9.8 CRITICAL
: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWD-648: Incorrect Use of Privileged APIs
: Author Public Disclosure Link
- Report 2: CVE-2024-11062: Link Disclosed 11/11/2024
DESC : OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
: Author Public Disclosure Link
- Report 3: CVE-2024-11063: Link Disclosed 11/11/2024
DESC : OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
: Author Public Disclosure Link
- Report 4: CVE-2024-11064: Link Disclosed 11/11/2024
DESC : OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
: Author Public Disclosure Link
- Report 5: CVE-2024-11065: Link Disclosed 11/11/2024
DESC : OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
: Author Public Disclosure Link
- Report 6: CVE-2024-11066: Link Disclosed 11/11/2024
DESC : OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CNA: TWCERT/CC Base Score: 7.2 HIGH
: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
: Author Public Disclosure Link
- Report 6: CVE-2024-11067: Link Disclosed 11/11/2024
DESC : Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
CNA: TWCERT/CC Base Score: 7.5 HIGH
: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-23: Relative Path Traversal
: Author Public Disclosure Link
Affected Models
|
Model
|
Region
|
Hardware Revision
|
End of Support
|
Legacy Website
|
Last Updated
|
|
DSL-6740C
|
Non-US
|
All Series H/W Revisions
|
01/15/2024
|
Non-US : No
|
11/12/2024
|
Recommendation for End-of-Support/End-of-Life Products
From time to time, D-Link decides that some of its products have reached the End of Support ("EOS") or End of Life (“EOL”). D-Link may choose to EOS/EOL a product due to technological evolution, market demands, innovations, product efficiencies based on new technologies, or the product maturing over time and should be replaced by functionally superior technology.
For US Consumer
If a product has reached the End of Support ("EOS") or End of Life ("EOL"), it is usually not supported or developed further.
Typically, D-Link cannot resolve device or firmware issues for these products since all development and customer support have ceased.
D-Link strongly recommends that this product be retired and cautions that further use may risk connected devices. If US consumers continue to use these devices against D-Link's recommendation, please ensure that the device has the most recent firmware, frequently updates its unique password to access its web configuration, and always has WIFI encryption enabled with a unique password.