CVE-2024-4964

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 versions prior to the latest supported version D-Link DAR-8000 versions prior to the latest supported version

Description The issue is related to an unrestricted file upload vulnerability in the /firewall/urlblist.php file of the D-Link DAR-7000 and DAR-8000 router software. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary code. The manipulation of the file argument leads to this unrestricted upload. The attack can be initiated remotely.

Recommendations For D-Link DAR-7000 and DAR-8000, retire and replace the products as they are end-of-life and no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /firewall/urlblist.php file until the issue is resolved. Avoid using the file argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.