CVE-2023-5146

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 versions up to 20151231 D-Link DAR-8000 versions up to 20151231

Description The issue is related to an unrestricted file upload vulnerability in the /sysmanage/updatelib.php file of the D-Link DAR-7000 and DAR-8000 router software. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary commands. The manipulation of the file upload argument leads to this unrestricted upload. The attack may be launched remotely.

Recommendations For D-Link DAR-7000 versions up to 20151231: As the product is end-of-life, it is recommended to retire and replace it. For D-Link DAR-8000 versions up to 20151231: As the product is end-of-life, it is recommended to retire and replace it. As a temporary workaround, consider restricting access to the /sysmanage/updatelib.php file to minimize the risk of exploitation. Avoid using the file upload argument in the affected API endpoint until the issue is resolved.