Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-4542OS Command Injection in Dlink Dar-8000-10 Firmware

CWE-78OS Command Injection6 documents5 sources
Severity
9.8CRITICALNVD
CNA6.3VulnCheck6.3
EPSS
92.3%
top 0.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Dlink Dar-8000-10 FirmwareD-link Dar-8000-10
Timeline
PublishedAug 25
Latest updateAug 26

Description

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5d-link/dar-8000-1020230809

🔴Vulnerability Details

3
GHSA
GHSA-85cp-hm7f-pwxw: A vulnerability was found in D-Link DAR-8000-10 up to 202308092023-08-26
CVEList
D-Link DAR-8000-10 sys1.php os command injection2023-08-25
VulnCheck
D-Link dar-8000-10_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2023

💥Exploits & PoCs

2
Nuclei
D-Link DAR-8000-10 - Command Injection
Nuclei
CERIO-DT Interface - Command Execution
CVE-2023-4542 — OS Command Injection in Dlink | cvebase