Back

CVE-2024-4699

May 14, 2024, 4:11 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

D-Link DAR-8000-10

  • up to 20230922

Source

cna@vuldb.com

Tags

CWE-502
cna@vuldb.com
2024-05-14
CVE-2024-4699

CVE-2024-4699 details

Published : May 14, 2024, 3:44 p.m.
Last Modified : May 14, 2024, 4:11 p.m.

Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVSS Score

1 2 3 4 5 6.3 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.3

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

URL Source
https://github.com/I-Schnee-I/cev/blob/main/D-LINK-DAR-8000-10_rce_importhtml.md cna@vuldb.com
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354 cna@vuldb.com
https://vuldb.com/?ctiid.263747 cna@vuldb.com
https://vuldb.com/?id.263747 cna@vuldb.com
https://vuldb.com/?submit.331311 cna@vuldb.com
This website uses the NVD API, but is not approved or certified by it.