CVE-2024-6525Deserialization of Untrusted Data in Dlink Dar-7000 Firmware

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
3.0%
top 13.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dlink Dar-7000 FirmwareD-link Dar-7000
Timeline
PublishedJul 5

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer support

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDdlink/dar-7000_firmware2023-09-22
CVEListV5d-link/dar-700020230922

🔴Vulnerability Details

2
GHSA
GHSA-v6cv-pjf9-9v55: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 202309222024-07-05
CVEList
D-Link DAR-7000 decodmail.php deserialization2024-07-05
CVE-2024-6525 — Deserialization of Untrusted Data | cvebase