CVE-2024-4964

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published May 16, 2024

Updated: Aug 1, 2024

CWE ID 434

Summary

CVE-2024-4964 is a critical vulnerability discovered in the D-Link DAR-7000-40 V31R02B1413C firewall. The issue lies in the unknown code of the /firewall/urlblist.php file and enables remote, unrestricted file uploads through manipulation of an argument. This exploit, identified as VDB-264532, has been publicly disclosed, increasing the risk of attacks. Notably, this vulnerability only affects unsupported D-Link products, which have been confirmed end-of-life by the vendor. It is strongly recommended that users retire and replace these devices to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v8xQzU
https://www.cve.org/CVERecord?id=CVE-2024-4964
https://nvd.nist.gov/vuln/detail/CVE-2024-4964

Back to Vulnerability Database

CVE-2024-4964

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations