CVE-2023-5148

CWE-434 — Unrestricted File Upload4 documents4 sources

Severity

8.8HIGH

EPSS

4.5%

top 10.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dar-7000 Firmware Dlink Dar-8000 Firmware D-link Dar-7000 +1 more

Timeline

PublishedSep 25

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240244. NOTE: This vulnerability only affects products that are no …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages4 packages

▶NVDdlink/dar-7000_firmware2015-12-31

▶NVDdlink/dar-8000_firmware2015-12-31

▶CVEListV5d-link/dar-700020151231

▶CVEListV5d-link/dar-800020151231

🔴Vulnerability Details

GHSA

GHSA-fv49-5g7c-gh7p: ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231↗2023-09-25

▶

CVEList

D-Link DAR-7000/DAR-8000 uploadfile.php unrestricted upload↗2023-09-25

▶

VulnCheck

D-Link dar-7000_firmware Unrestricted Upload of File with Dangerous Type↗2023

▶