CVE-2023-5143Improper Input Validation in Dlink Dar-7000 Firmware

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
CNA6.3
EPSS
0.4%
top 36.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dar-7000 FirmwareD-link Dar-7000
Timeline
PublishedSep 24
Latest updateSep 25

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument table_name leads to an unknown weakness. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240239. NOTE: This vulnerability only affects products that

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5d-link/dar-700020151231

🔴Vulnerability Details

2
GHSA
GHSA-56j8-qjmh-75v8: ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-70002023-09-25
CVEList
D-Link DAR-7000 webmailattach.php Privilege Escalation2023-09-24
CVE-2023-5143 — Improper Input Validation in Dlink | cvebase