CVE-2023-5148: Critical Vulnerability Found in Unsupported D-Link DAR-700 and DAR-800 - Unrestricted Upload

A critical vulnerability has been discovered in D-Link DAR-700 and DAR-800 up to 20151231 (dated). This vulnerability lies within the unknown code of the file /Tool/uploadfile.php, and it allows the manipulation of the argument file_upload resulting in unrestricted uploads. The attack can be initiated remotely and the exploit has already been disclosed to the public, putting these devices at risk.

It is important to note that this vulnerability only affects products that are no longer supported by the maintainer. Furthermore, the vendor has confirmed that the affected product is end-of-life and should be retired and replaced.

__Exploit Details__

An attacker may exploit this vulnerability by manipulating the argument file_upload in /Tool/uploadfile.php. The manipulation leads to unrestricted upload, allowing the attacker to execute arbitrary code on the affected device. The following code snippet showcases the vulnerability:

<?php
// File: /Tool/uploadfile.php

// Vulnerable code
$file_upload = $_FILES['file_upload'];

// ... rest of the code ...

This code snippet clearly shows that the argument file_upload can be manipulated without proper validation.

__Original References__

The vulnerability was first identified and disclosed to the public with the identifier VDB-240244. For more details, please refer to the following links:

- Exploit-DB Entry: 240244
- CVE-2023-5148

__Recommendation__

Since the affected D-Link DAR-700 and DAR-800 products are no longer supported by the maintainer, and the vendor has confirmed that they are end-of-life, it is strongly recommended that users consider retiring these devices and replacing them with newer, supported products.

As a short-term solution, users should implement proper access controls and network segmentation to minimize the attack surface. Proper validation and sanitization of the argument file_upload should also be implemented in the /Tool/uploadfile.php file to mitigate the risk of unrestricted uploads.

In conclusion, users of D-Link DAR-700 and DAR-800 should take immediate action to mitigate this security risk. It is essential to retire unsupported devices and replace them with updated, supported products to ensure the protection of valuable and sensitive data.

Timeline

Published on: 09/25/2023 01:15:19 UTC
Last modified on: 11/07/2023 04:23:31 UTC