Os Command Injection Vulnerability in D-Link DAR-7000-40 Router
CVE-2024-4965
What is CVE-2024-4965?
A serious os command injection vulnerability has been identified in the D-Link DAR-7000-40 router, specifically affecting the file /useratte/resmanage.php. This vulnerability allows an attacker to manipulate the input argument 'load', which can lead to unauthorized execution of operating system commands. The nature of this issue offers potential for remote exploitation, making it a significant concern for users of affected models. Notably, this vulnerability has been disclosed to the public, signaling a high risk of exploitation. It is essential to note that this product is no longer supported by D-Link, rendering it vulnerable indefinitely. Users are strongly advised to retire or replace the device to mitigate potential risks.
Affected Version(s)
DAR-7000-40 V31R02B1413C