Unrated severityNVD Advisory· Published Sep 25, 2023· Updated Aug 2, 2024

D-Link DAR-8000 querysql.php sql injection

CVE-2023-5153

Description

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

Affected products

Dlink/DAR-8000-10cpe-rescue
Range: 20151231

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_sql_%20querysql.mdmitreexploit
supportannouncement.us.dlink.com/announcement/publication.aspxmitrerelated
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000