Vulnerability in D-Link DAR-7000 Could Lead to Deserialization Attack
CVE-2024-6525
Key Information:
Badges
Summary
A vulnerability has been identified in D-Link DAR-7000 products up to version 20230922, specifically affecting the functionality of the /log/decodmail.php file. This issue allows unauthorized manipulation of arguments, leading to deserialization vulnerabilities which can be exploited remotely. Importantly, this vulnerability impacts products that are no longer supported by D-Link, increasing the risk of successful exploitation. Public disclosure of the exploit means potential attacks could occur if systems remain unpatched.
Affected Version(s)
DAR-7000 20230922
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved