Wangfei

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 up to 20231126 **Description** A critical vulnerability has been found in the D-Link DAR-7000, affecting the file /user/inc/workidajax.php. The issue is related to the lack of protection against SQL injection when handling the `id` parameter. This allows a remote attacker to execute arbitrary SQL code and potentially elevate their privileges. The exploit has been disclosed to the public. **Recommendations** For D-Link DAR-7000 up to 20231126, as a temporary workaround, consider disabling the `id` argument in the /user/inc/workidajax.php file until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.