CVE-2023-5149

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 up to 20151231

Description A critical issue affects the D-Link DAR-7000, related to the /useratte/userattestation.php file, allowing unrestricted upload through the manipulation of the web img argument. This can be exploited remotely. The issue has been disclosed publicly and may be used by attackers. It is noted that this vulnerability only affects products that are no longer supported by the maintainer, and the vendor has confirmed the product is end-of-life.

Recommendations For D-Link DAR-7000 up to 20151231, it is recommended to retire and replace the product as it is no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /useratte/userattestation.php file and avoiding the use of the web img argument until a replacement can be implemented.