CVE-2023-5147
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Sep 25, 2023
Updated: Aug 2, 2024
CWE ID 287
Summary
CVE-2023-5147 is a critical vulnerability that affects the D-Link DAR-7000 series up to version 20151231. The issue lies within the /sysmanage/updateos.php file, and manipulation of the argument 1_file_upload can result in an unrestricted upload. This vulnerability can be exploited remotely, and the exploit has been made public. This vulnerability only affects unsupported D-Link DAR-7000 models, as the vendor has confirmed that the product is end-of-life and should be retired and replaced. Vulnerability identifier: VDB-240243.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share