Flyyue2001

#10035of 53,630
27.5Total CVSS
Vulnerabilities · 3
High
2
Critical
1
PT-2023-6898
10
2023-10-26
D Link · D-Link Dar-7000 · CVE-2023-42406
**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 version V31R02B1413C **Description** The issue is related to a SQL injection vulnerability in the editrole.php component, which can be exploited by a remote attacker to obtain sensitive information and execute arbitrary code. This is due to the lack of protection measures for the SQL query structure. **Recommendations** For D-Link DAR-7000 version V31R02B1413C, consider disabling the editrole.php component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution. Avoid using the vulnerable component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-6502
10
2023-09-30
D Link · D-Link Dar-7000 · CVE-2023-5322
**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 versions up to 20151231 **Description** The issue is related to the lack of validation of XML object sequences in the /sysmanage/edit manageadmin.php component of the D-Link DAR-7000 router's firmware. This can be exploited by a remote attacker to execute arbitrary SQL code. The manipulation of the `id` argument leads to SQL injection. The attack may be launched remotely. **Recommendations** As the product is end-of-life and no longer supported by the maintainer, it is recommended to retire and replace the D-Link DAR-7000 router to prevent exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-27675
7.5
2023-09-13
Netentsec · Netentsec Ns-Asg · CVE-2023-40850
**Name of the Vulnerable Software and Affected Versions** netentsec NS-ASG version 6.3 **Description** The issue is related to Incorrect Access Control, with a file leak found in the website source code of the application security gateway. **Recommendations** For netentsec NS-ASG version 6.3, consider restricting access to sensitive files in the website source code to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.