SQL Injection Vulnerability in D-Link DAR-7000 Online Behavior Audit Gateway
CVE-2023-42406

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dar-7000 Firmware
Vendor: CVE Published:; 26 October 2023

Summary

An SQL injection vulnerability has been identified in the D-Link DAR-7000 Online Behavior Audit Gateway, specifically within the editrole.php component. This flaw allows remote attackers to exploit the system, potentially gaining access to sensitive information and executing arbitrary code. It emphasizes the severity of ensuring appropriate security measures are in place to safeguard against unauthorized access and data breaches. Administrators are urged to apply necessary patches and implement additional security controls to mitigate these risks.

References

https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR...

https://github.com/1dreamGN/CVE/blob/main/CVE-2023-42406.md

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Sep 8, 2023