VDB-278154 · CVE-2024-9004 · SAP10354

D-Link DAR-7000 ଯେପର୍ଯ୍ୟନ୍ତ 20240912 Backup_Server_commit.php host ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame D-Link DAR-7000 ଯେପର୍ଯ୍ୟନ୍ତ 20240912 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /view/DBManage/Backup_Server_commit.php keessa. Hojii jijjiirraa irratti gaggeeffame host gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-78 geessa. Dadhabbii kana yeroo 09/19/2024 maxxanfameera akka SAP10354. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2024-9004tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $5k-$25k ta'ee ture. Qabiyyee miidhamte bakka buusuuf filannoo biraa fayyadamuun ni gorfama. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 ଆଡାପ୍ଟେସନ୍ · 89 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 09/19/2024 04:36 PM	ଅଦ୍ୟତନ 1/2 09/20/2024 12:46 PM	ଅଦ୍ୟତନ 2/2 09/24/2024 03:24 AM
software_vendor	D-Link	D-Link	D-Link
software_name	DAR-7000	DAR-7000	DAR-7000
software_version	<=20240912	<=20240912	<=20240912
software_file	/view/DBManage/Backup_Server_commit.php	/view/DBManage/Backup_Server_commit.php	/view/DBManage/Backup_Server_commit.php
software_argument	host	host	host
vulnerability_cwe	CWE-78 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-78 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-78 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	W	W	W
cvss3_vuldb_rc	C	C	C
advisory_identifier	SAP10354	SAP10354	SAP10354
advisory_url	https://github.com/mhtcshe/cve/blob/main/cve.md	https://github.com/mhtcshe/cve/blob/main/cve.md	https://github.com/mhtcshe/cve/blob/main/cve.md
advisory_confirm_url	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/mhtcshe/cve/blob/main/cve.md	https://github.com/mhtcshe/cve/blob/main/cve.md	https://github.com/mhtcshe/cve/blob/main/cve.md
countermeasure_name	ବିକଳ୍ପ	ବିକଳ୍ପ	ବିକଳ୍ପ
source_cve	CVE-2024-9004	CVE-2024-9004	CVE-2024-9004
cna_responsible	VulDB	VulDB	VulDB
cna_eol	1	1	1
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	W	W	W
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss3_vuldb_pr	L	L	L
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.8	5.8	5.8
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.8	6.0	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1726696800 (09/19/2024)	1726696800 (09/19/2024)	1726696800 (09/19/2024)
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_nvd_summary		A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad clasificada como crítica en D-Link DAR-7000 hasta el 20240912. Se ve afectada una función desconocida del archivo /view/DBManage/Backup_Server_commit.php. La manipulación del argumento host provoca la inyección de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante.	Se ha encontrado una vulnerabilidad clasificada como crítica en D-Link DAR-7000 hasta el 20240912. Se ve afectada una función desconocida del archivo /view/DBManage/Backup_Server_commit.php. La manipulación del argumento host provoca la inyección de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante.
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!