
Shechenran

#22942 of 53,622
10 Total CVSS
Vulnerabilities · 1
PT-2023-9459
10
2023-09-22
D Link · D-Link Dar-7000 · CVE-2024-9004
**Name of the Vulnerable Software and Affected Versions**

D-Link DAR-7000 up to 20240912

**Description**

A critical vulnerability has been found in the file /view/DBManage/Backup Server commit.php, allowing OS command injection through manipulation of the `host` argument. The issue can be exploited remotely. The vulnerability exists because special elements used in an operating system command are not neutralized, so an attacker can execute arbitrary commands remotely.

**Recommendations**

For D-Link DAR-7000 up to 20240912, the products are no longer supported by the maintainer, and there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /view/DBManage/Backup Server commit.php file and avoiding the use of the `host` argument in this context until further guidance is available.