CVE-2023-5147

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 versions up to 20151231

Description The issue is related to an unrestricted file upload vulnerability in the /sysmanage/updateos.php file of the D-Link DAR-7000 router's firmware. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary commands. The manipulation of the 1 file upload argument leads to this unrestricted upload. It is possible to initiate the attack remotely.

Recommendations For D-Link DAR-7000 versions up to 20151231, the recommended course of action is to retire and replace the product, as it is no longer supported by the maintainer and is considered end-of-life. As a temporary workaround, consider restricting access to the /sysmanage/updateos.php file and avoiding the use of the 1 file upload argument until the issue is resolved. However, given the product's end-of-life status, the most secure solution is to replace it with a supported device.