CVE-2023-5322

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 versions up to 20151231

Description The issue is related to the lack of validation of XML object sequences in the /sysmanage/edit manageadmin.php component of the D-Link DAR-7000 router's firmware. This can be exploited by a remote attacker to execute arbitrary SQL code. The manipulation of the id argument leads to SQL injection. The attack may be launched remotely.

Recommendations As the product is end-of-life and no longer supported by the maintainer, it is recommended to retire and replace the D-Link DAR-7000 router to prevent exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.