CVE-2023-5143

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 up to 20151231

Description A critical vulnerability has been found in the D-Link DAR-7000, affecting the processing of the file /log/webmailattach.php. The manipulation of the table name argument leads to an unknown weakness. This issue may be exploited remotely, allowing an attacker to execute arbitrary commands. The exploit has been disclosed to the public. The product is end-of-life and should be retired and replaced.

Recommendations As a temporary workaround, consider disabling access to the /log/webmailattach.php file until the product can be replaced. Restrict access to the table name argument to minimize the risk of exploitation. Since the product is no longer supported, the best course of action is to retire and replace it with a supported version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.