CVE-2024-4965

CWE-78OS Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
3.1%
top 13.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dar-7000-40Dlink Dar-7000 Firmware
Timeline
PublishedMay 16

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer su

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dar-7000-40V31R02B1413C
NVDdlink/dar-7000_firmware31r02b1413c

🔴Vulnerability Details

2
CVEList
D-Link DAR-7000-40 resmanage.php os command injection2024-05-16
GHSA
GHSA-g827-h3jp-qr6m: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical2024-05-16