CVE-2023-4542

MEDIUM EXPLOITED NUCLEI

D-Link DAR-8000-10 <20230809 - Code Injection

Title source: llm

Description

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

nomisec WORKING POC 2 stars

by PumpkinBridge · remote

https://github.com/PumpkinBridge/CVE-2023-4542

View Code ZIP pw:eip

Nuclei Templates (1)

D-Link DAR-8000-10 - Command Injection

CRITICALVERIFIEDby pussycat0x

FOFA: body="DAR-8000-10" && title="D-Link" || body="dar-8000-10" && title="d-link"

References (3)

[Exploit, Third Party Advisory] https://github.com/PumpkinBridge/cve/blob/main/rce.md

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.238047

[Third Party Advisory] https://vuldb.com/?id.238047

Scores

CVSS v3 6.3

EPSS 0.9232

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2024-09-18

CWE

CWE-78

Status published

Products (1)

dlink/dar-8000-10_firmware < 2023-08-09

Published Aug 25, 2023

Tracked Since Feb 18, 2026