CVE-2023-5145

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 version up to 20151231 D-Link DAR-8000 (affected versions not specified)

Description A critical vulnerability has been found in the sysmanage/licence.php component of D-Link DAR-7000 and DAR-8000, related to the lack of restrictions on file uploads. The manipulation of the file upload argument leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For D-Link DAR-7000 version up to 20151231: As the product is end-of-life, it should be retired and replaced. For D-Link DAR-8000: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the /sysmanage/licence.php file to minimize the risk of exploitation. Restrict access to the file upload argument in the affected API endpoint until the issue is resolved.