CVE-2023-5147

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGH
EPSS
1.3%
top 20.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dar-7000 FirmwareD-link Dar-7000
Timeline
PublishedSep 25

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been classified as critical. This affects an unknown part of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240243. NOTE: This vulnerability only affects products that are

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

NVDdlink/dar-7000_firmware2015-12-31
CVEListV5d-link/dar-700020151231

🔴Vulnerability Details

2
CVEList
D-Link DAR-7000 updateos.php unrestricted upload2023-09-25
GHSA
GHSA-92qm-237g-crfp: ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 201512312023-09-25
CVE-2023-5147 (HIGH CVSS 8.8) | ** UNSUPPORTED WHEN ASSIGNED ** A v | cvebase.io