CVE-2023-4711

Name of the Vulnerable Software and Affected Versions D-Link DAR-8000-10 up to 20230819

Description The issue is related to the decodmail.php script in the D-Link DAR-8000-10 router's firmware, where it fails to neutralize special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary commands. The manipulation of the file argument leads to os command injection. The attack may be launched remotely, and the complexity of an attack is rather high. The exploitation is known to be difficult.

Recommendations For D-Link DAR-8000-10 up to 20230819, as a temporary workaround, consider restricting access to the /log/decodmail.php file to minimize the risk of exploitation. Avoid using the file argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.