PT-2023-6898 · D Link · D-Link Dar-7000

Flyyue2001 · Published 2023-10-26 · Updated 2024-01-02 · CVE-2023-42406

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
D-Link DAR-7000 version V31R02B1413C

Description
The issue is related to a SQL injection vulnerability in the editrole.php component, which can be exploited by a remote attacker to obtain sensitive information and execute arbitrary code. This is due to the lack of protection measures for the SQL query structure.

Recommendations
For D-Link DAR-7000 version V31R02B1413C, consider disabling the editrole.php component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary code execution. Avoid using the vulnerable component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

BDU:2023-07916
CVE-2023-42406

Affected Products

D-Link Dar-7000