CVE-2023-5144

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 and DAR-8000 up to 20151231

Description A critical vulnerability was found in the /sysmanage/updateos.php file, allowing for unrestricted upload due to the manipulation of the file upload argument. This can be exploited remotely, potentially allowing an attacker to execute arbitrary commands. The exploit has been disclosed to the public. The products affected by this vulnerability are no longer supported by the maintainer and should be retired and replaced.

Recommendations As a temporary workaround, consider disabling the file upload argument in the /sysmanage/updateos.php file until the issue is resolved. Restrict access to the /sysmanage/updateos.php file to minimize the risk of exploitation. Since the products are end-of-life, the recommended course of action is to retire and replace them. At the moment, there is no information about a newer version that contains a fix for this vulnerability.