CVE-2024-4961

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000-40 version V31R02B1413C D-Link DAR-7000 (affected versions not specified) D-Link DAR-8000 (affected versions not specified)

Description A critical vulnerability was found in the D-Link DAR-7000 and DAR-8000 routers, affecting an unknown functionality of the file /user/onlineuser.php. The manipulation of the file upload argument leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For D-Link DAR-7000-40 version V31R02B1413C: As the product is end-of-life, it should be retired and replaced. For D-Link DAR-7000 and DAR-8000: Since these products are no longer supported by the maintainer, they should be retired and replaced. As a temporary workaround, consider disabling the /user/onlineuser.php file to minimize the risk of exploitation. Restrict access to the file upload argument in the affected file to minimize the risk of exploitation.