CVE-2023-5151

Name of the Vulnerable Software and Affected Versions D-Link DAR-8000 versions up to 20151231

Description The issue is related to the lack of protection against SQL injection in the /autheditpwd.php script of the D-Link DAR-8000 router's firmware. This allows a remote attacker to execute arbitrary commands by manipulating the hid id argument, leading to SQL injection. The attack can be launched remotely.

Recommendations For D-Link DAR-8000 versions up to 20151231, consider retiring and replacing the product as it is end-of-life and no longer supported by the maintainer. As a temporary workaround, restrict access to the /autheditpwd.php script to minimize the risk of exploitation. Avoid using the hid id argument in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.