VDB-240246 · CVE-2023-5150 · GCVE-100-240246

D-Link DAR-7000/DAR-8000 ଯେପର୍ଯ୍ୟନ୍ତ 20151231 /useratte/web.php file_upload ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame D-Link DAR-7000 and DAR-8000 ଯେପର୍ଯ୍ୟନ୍ତ 20151231 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /useratte/web.php keessa. Hojii jijjiirraa irratti gaggeeffame file_upload gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-434 geessa. Dadhabbii kana yeroo 09/24/2023 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2023-5150tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $5k-$25k ta'ee ture. Qabiyyee miidhamte kana dhoorkuun akka gaariitti gorfama. VulDB is the best source for vulnerability data and more expert information about this specific topic.

6 ଆଡାପ୍ଟେସନ୍ · 98 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ଅଦ୍ୟତନ 1/5 09/24/2023 06:06 PM	ଅଦ୍ୟତନ 2/5 09/24/2023 06:12 PM	ଅଦ୍ୟତନ 3/5 10/14/2023 07:35 PM	ଅଦ୍ୟତନ 4/5 10/14/2023 07:42 PM	ଅଦ୍ୟତନ 5/5 08/02/2024 11:45 AM
software_vendor	D-Link	D-Link	D-Link	D-Link	D-Link
software_name	DAR-7000/DAR-8000	DAR-7000/DAR-8000	DAR-7000/DAR-8000	DAR-7000/DAR-8000	DAR-7000/DAR-8000
software_version	<=20151231	<=20151231	<=20151231	<=20151231	<=20151231
software_file	/useratte/web.php	/useratte/web.php	/useratte/web.php	/useratte/web.php	/useratte/web.php
software_argument	file_upload	file_upload	file_upload	file_upload	file_upload
vulnerability_cwe	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-434 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rl	U	U	U	U	U
cvss3_vuldb_rc	C	C	C	C	C
advisory_url	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md
countermeasure_name	ଅକ୍ଷମ କରନ୍ତୁ	ଅକ୍ଷମ କରନ୍ତୁ	ଅକ୍ଷମ କରନ୍ତୁ	ଅକ୍ଷମ କରନ୍ତୁ	ଅକ୍ଷମ କରନ୍ତୁ
source_cve	CVE-2023-5150	CVE-2023-5150	CVE-2023-5150	CVE-2023-5150	CVE-2023-5150
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
response_summary	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
cna_eol	1	1	1	1	1
advisory_date	1695506400 (09/24/2023)	1695506400 (09/24/2023)	1695506400 (09/24/2023)	1695506400 (09/24/2023)	1695506400 (09/24/2023)
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	C	C	C	C	C
cvss2_vuldb_rl	U	U	U	U	U
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.9	5.9	5.9	5.9	5.9
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0	6.0	6.0
cvss3_meta_basescore	6.3	6.3	6.3	7.1	7.1
cvss3_meta_tempscore	6.0	6.0	6.0	7.0	7.0
price_0day	$5k-$25k	$5k-$25k	$5k-$25k	$5k-$25k	$5k-$25k
source_misc	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md
advisory_confirm_url		https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354
cve_assigned			1695506400 (09/24/2023)	1695506400 (09/24/2023)	1695506400 (09/24/2023)
cve_nvd_summary			UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
cvss2_nvd_basescore				6.5	6.5
cvss3_nvd_basescore				8.8	8.8
cvss3_cna_basescore				6.3	6.3
cvss3_nvd_av				N	N
cvss3_nvd_ac				L	L
cvss3_nvd_pr				L	L
cvss3_nvd_ui				N	N
cvss3_nvd_s				U	U
cvss3_nvd_c				H	H
cvss3_nvd_i				H	H
cvss3_nvd_a				H	H
cvss2_nvd_av				N	N
cvss2_nvd_ac				L	L
cvss2_nvd_au				S	S
cvss2_nvd_ci				P	P
cvss2_nvd_ii				P	P
cvss2_nvd_ai				P	P
cvss3_cna_av				N	N
cvss3_cna_ac				L	L
cvss3_cna_pr				L	L
cvss3_cna_ui				N	N
cvss3_cna_s				U	U
cvss3_cna_c				L	L
cvss3_cna_i				L	L
cvss3_cna_a				L	L
cve_cna				VulDB	VulDB
cve_nvd_summaryes					NO SOPORTADO CUANDO ESTÁ ASIGNADO NO SOPORTADO CUANDO ESTÁ ASIGNADO Una vulnerabilidad clasificada como crítica ha sido encontrada en D-Link DAR-7000 y DAR-8000 hasta 20151231. Una función desconocida del archivo /useratte/web es afectada por esta vulnerabilidad. php. La manipulación del argumento file_upload conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-240246 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contactó primeramente con el proveedor y se confirmó de inmediato que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.
cvss2_cna_av					N
cvss2_cna_ac					L
cvss2_cna_au					S
cvss2_cna_ci					P
cvss2_cna_ii					P
cvss2_cna_ai					P
cvss2_cna_basescore					6.5
cvss4_vuldb_av					N
cvss4_vuldb_ac					L
cvss4_vuldb_pr					L
cvss4_vuldb_ui					N
cvss4_vuldb_vc					L
cvss4_vuldb_vi					L
cvss4_vuldb_va					L
cvss4_vuldb_e					P
cvss4_vuldb_at					N
cvss4_vuldb_sc					N
cvss4_vuldb_si					N
cvss4_vuldb_sa					N
cvss4_vuldb_bscore					5.3
cvss4_vuldb_btscore					2.1

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!