CVE-2023-5148

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 and DAR-8000 up to 20151231

Description A critical vulnerability affects the file /Tool/uploadfile.php, allowing unrestricted upload through the manipulation of the file upload argument. This can be initiated remotely, potentially enabling an attacker to execute arbitrary commands. The exploit has been disclosed publicly.

Recommendations For D-Link DAR-7000 and DAR-8000 up to 20151231, it is recommended to retire and replace these products as they are end-of-life and no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /Tool/uploadfile.php file to minimize the risk of exploitation. Avoid using the file upload argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.