D-Link DAR-7000/DAR-8000 updatelib.php unrestricted upload
CVE-2023-5146

8.8 HIGH

Key Information:

Vendor: D-Link
CVE Published: 25 September 2023

Summary

A vulnerability has been identified in certain D-Link router models, specifically the DAR-7000 and DAR-8000, in which the /sysmanage/updatelib.php file permits unrestricted file upload. This unauthorized upload can be initiated remotely, allowing an attacker to place harmful files on the system. These products are no longer supported by D-Link, which poses a significant risk to users. Organizations using these devices should consider replacement or alternative security measures to mitigate potential threats.

Affected Version(s)

DAR-7000 20151231

DAR-8000 20151231

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

llixixioo (VulDB User)