CVE-2023-6581

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 up to 20231126

Description A critical vulnerability has been found in the D-Link DAR-7000, affecting the file /user/inc/workidajax.php. The issue is related to the lack of protection against SQL injection when handling the id parameter. This allows a remote attacker to execute arbitrary SQL code and potentially elevate their privileges. The exploit has been disclosed to the public.

Recommendations For D-Link DAR-7000 up to 20231126, as a temporary workaround, consider disabling the id argument in the /user/inc/workidajax.php file until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.