CVE-2024-4965

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000-40 version V31R02B1413C D-Link DAR-7000 (affected versions not specified) D-Link DAR-8000 (affected versions not specified)

Description A critical issue affects the processing of the file /useratte/resmanage.php, where the manipulation of the load argument leads to os command injection. This can be exploited remotely. The issue is due to the lack of measures to neutralize special elements used in the operating system command.

Recommendations For D-Link DAR-7000-40 version V31R02B1413C: The product should be retired and replaced as it is end-of-life. For D-Link DAR-7000 and D-Link DAR-8000: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /useratte/resmanage.php file to minimize the risk of exploitation.