CVE-2023-44694

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 version V31R02B1413C

Description The issue is related to a lack of protection against SQL query structure attacks in the /log/mailrecvview.php file of the D-Link DAR-7000 online behavior audit gateway. This can allow a remote attacker to execute arbitrary SQL code. The vulnerability is exploited via the /log/mailrecvview.php API endpoint.

Recommendations For version V31R02B1413C, as a temporary workaround, consider restricting access to the /log/mailrecvview.php API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.