D-Link DAR-7000 edit_manageadmin.php sql injection
CVE-2023-5322

8.8HIGH

Key Information:

Vendor
D-Link
Status
DAR-7000
Vendor
CVE Published:
1 October 2023

Summary

A vulnerability in the D-Link DAR-7000, specifically in the file /sysmanage/edit_manageadmin.php, allows for SQL injection through the manipulation of the 'id' argument. This flaw can potentially be exploited remotely, posing a significant security risk. As the product is no longer supported by D-Link and has reached its end-of-life status, users are strongly advised to retire the device and consider replacement options to maintain their network security.

Affected Version(s)

DAR-7000 20151231

References

https://vuldb.com/?id.240992
vdb-entrytechnical-description
https://vuldb.com/?ctiid.240992
signaturepermissions-required
https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HaolunSong (VulDB User)
.