CVE-2023-5154

Name of the Vulnerable Software and Affected Versions D-Link DAR-8000 versions up to 20151231

Description The issue is related to an unrestricted file upload vulnerability in the /sysmanage/changelogo.php file of the D-Link DAR-8000 router's firmware. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary commands. The manipulation of the file upload argument leads to this unrestricted upload. The product is end-of-life and should be retired and replaced.

Recommendations For D-Link DAR-8000 versions up to 20151231, the recommended course of action is to retire and replace the product, as it is no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /sysmanage/changelogo.php file to minimize the risk of exploitation. Avoid using the file upload argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.