CVE-2024-4960

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000-40 version V31R02B1413C

Description A critical vulnerability has been found in the D-Link DAR-7000-40, affecting an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This issue allows a remote attacker to execute arbitrary code.

Recommendations As a temporary workaround, consider disabling the file upload argument in the licenseauthorization.php file until a patch is available. However, since the product is end-of-life, the vendor recommends retiring and replacing it with a supported version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.