CVE-2024-4963

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000-40 version V31R02B1413C D-Link DAR-7000 (affected versions not specified) D-Link DAR-8000 (affected versions not specified)

Description A critical issue affects an unknown part of the file /url/url.php, allowing for unrestricted upload through the manipulation of the file upload argument. This can be initiated remotely, potentially leading to the execution of arbitrary code. The exploit has been disclosed publicly.

Recommendations For D-Link DAR-7000-40 version V31R02B1413C: Consider retiring and replacing the product as it is end-of-life. For D-Link DAR-7000 and D-Link DAR-8000: As these products are also affected but specific versions are not provided, it is recommended to check with the vendor for the latest information on retirement and replacement, given their end-of-life status. At the moment, there is no information about a newer version that contains a fix for this vulnerability.