A critical vulnerability, tracked as CVE-2023-5147, has been discovered in D-Link DAR-700 devices with firmware up to 20151231. It affects an unknown part of the file /sysmanage/updateos.php and allows unrestricted file upload through manipulation of the argument 1_file_upload. The attack can be initiated remotely, and the exploit has been publicly disclosed, making it accessible for potential misuse. The vulnerability is also associated with the identifier VDB-240243.

Note that this vulnerability only affects products that are no longer supported by the maintainer. The vendor has confirmed that the product is end-of-life (EOL), so it should be retired and replaced.

Exploit Details

The vulnerability allows an attacker to manipulate the argument 1_file_upload and exploit the system via an unrestricted upload, potentially leading to further compromise of the affected device. A remote attacker can compromise the vulnerable device by sending a malicious request with a crafted file upload. This exploit has been disclosed to the public, making it easily available for malicious actors.

Here is a sample of the exploit request:

POST /sysmanage/updateos.php HTTP/1.1
Host: [TARGET IP]
Content-Type: multipart/form-data; boundary=---------------------------157501723931936
Content-Length: [LENGTH]

-----------------------------157501723931936
Content-Disposition: form-data; name="1_file_upload"; filename="malicious_file"
Content-Type: application/octet-stream

[FILE CONTENTS]
-----------------------------157501723931936

This request is meant to exploit the vulnerability by sending a crafted POST to /sysmanage/updateos.php that carries the malicious file in the 1_file_upload field.

Recommendations

As this vulnerability affects unsupported devices (D-Link DAR-700 with firmware up to 20151231), it is highly recommended that these devices be retired and replaced immediately. If it is not possible to replace the device, put strict network access controls in place to mitigate the risk of remote exploitation.

Moreover, the vendor (D-Link) has been informed about the vulnerability, and they have confirmed that the product is end-of-life. Therefore, it is crucial to retire and replace these devices as soon as possible to prevent potential compromise.

Always remain vigilant about security updates and patches for your devices, as vulnerabilities like CVE-2023-5147 can lead to serious consequences if not addressed promptly.
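Until the device is replaced, the access controls recommended above can be backed by a log check. The following is an added example, not code from the advisory or from D-Link: it scans access-log lines for POST requests to /sysmanage/updateos.php that come from outside a management network. The combined log format (for example from a reverse proxy in front of the device), the 10.20.0.0/28 management range and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoint named in the advisory for CVE-2023-5147.
UPLOAD_PATH = "/sysmanage/updateos.php"
# Assumption: the only network allowed to reach the device's web interface.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]

LINE_RE = re.compile(  # combined log format: client, time, request, status
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(target):
    """Drop the query, decode percent-escapes, collapse '//' and lower-case."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or junk in the client field: treat as untrusted
    return any(addr in net for net in MGMT_NETS)

def find_upload_attempts(lines):
    """Return (timestamp, source, status) for upload POSTs from outside MGMT_NETS."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) != UPLOAD_PATH:
            continue
        if not is_allowed(m["src"]):
            hits.append((m["ts"], m["src"], int(m["status"])))
    return hits

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [25/Sep/2023:01:10:00 +0000] "POST /sysmanage/updateos.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Sep/2023:01:15:19 +0000] "POST /sysmanage/updateos.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Sep/2023:01:16:02 +0000] "POST /sysmanage//UpdateOS%2Ephp?x=1 HTTP/1.1" 200 40',
    '198.51.100.7 - - [25/Sep/2023:01:17:00 +0000] "GET /sysmanage/updateos.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ts, src, status in find_upload_attempts(SAMPLE_LOG):
        print(f"{ts} POST {UPLOAD_PATH} from {src} -> HTTP {status}")
```

The path match is deliberately case-insensitive and tolerant of encoding variants, so it errs toward over-reporting; any hit from outside the management range means the access controls are not holding.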

Timeline

Published on: 09/25/2023 01:15:19 UTC
Last modified on: 11/07/2023 04:23:31 UTC