PT-2024-32324 · D Link · D-Link Dar-8000-10
Schnee
·
Published
2024-05-10
·
Updated
2025-07-16
·
CVE-2024-4699
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DAR-8000-10 up to 20230922
Description
A critical issue has been found in the processing of the file /importhtml.php, where the manipulation of the
sql argument leads to deserialization. This issue can be exploited remotely. The product is end-of-life and should be retired and replaced.Recommendations
For D-Link DAR-8000-10 up to 20230922, the recommended course of action is to retire and replace the product, as it is no longer supported by the maintainer.
Exploit
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dar-8000-10