CVE-2023-44693

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 version V31R02B1413C

Description The issue is related to a lack of protection against SQL query structure attacks in the /importexport.php file of the D-Link DAR-7000 online behavior audit gateway. This can allow a remote attacker to execute arbitrary SQL code. The vulnerability is exploited via the "importexport.php" API endpoint.

Recommendations For version V31R02B1413C, as a temporary workaround, consider restricting access to the /importexport.php endpoint until a patch is available. Avoid using this endpoint in production environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.