CVE-2024-9004: D-Link DAR-7000 Backup_Server_commit.php os command injection
First published: Thu Sep 19 2024(Updated: )
A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Dlink Dar-7000 Firmware | <=2024-09-12 | |
| Dlink Dar-7000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/epss
- collector/epss-latest
- source/FIRST
- agent/trending
- vendor/dlink
- canonical/dlink dar-7000 firmware
- version/dlink dar-7000 firmware/2024-09-12
- canonical/dlink dar-7000