Unrated severityNVD Advisory· Published Sep 19, 2024· Updated Sep 20, 2024

D-Link DAR-7000 Backup_Server_commit.php os command injection

CVE-2024-9004

Description

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

Dlink/DAR-7000cpe-rescue
Range: 20240912

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/mhtcshe/cve/blob/main/cve.mdmitreexploit
vuldb.commitrethird-party-advisory
supportannouncement.us.dlink.com/security/publication.aspxmitrerelated
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.dlink.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000