CVE-2024-4962

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000-40 version V31R02B1413C

Description A critical issue has been found in the file /useratte/resmanage.php, allowing for unrestricted upload through the manipulation of the file argument. This can be exploited remotely, potentially leading to arbitrary code execution. The issue affects products that are no longer supported by the maintainer, and the vendor has confirmed that the product is end-of-life.

Recommendations For D-Link DAR-7000-40 version V31R02B1413C, it is recommended to retire and replace the product as it is no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /useratte/resmanage.php file to minimize the risk of exploitation. Avoid using the file argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.