SQL Injection Vulnerability in D-Link Online Behavior Audit Gateway
CVE-2023-44694

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dar-7000 Firmware
Vendor: CVE Published:; 17 October 2023

Summary

The D-Link Online Behavior Audit Gateway DAR-7000 V31R02B1413C is susceptible to SQL Injection through a specific endpoint (/log/mailrecvview.php). This vulnerability could allow attackers to manipulate queries made to the database, potentially leading to unauthorized access or exposure of sensitive data.

References

https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Oct 2, 2023