ID
VAR-202405-0251
CVE
CVE-2024-4965
TITLE
D-Link Systems, Inc. of dar-7000 in the firmware OS Command injection vulnerability
Trust: 0.8
DESCRIPTION
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264533 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DAR-7000-40 is a network device suitable for government, finance, insurance, hotel, small and medium-sized enterprises, education and other fields. It provides professional traffic management capabilities, powerful content auditing, advanced Internet behavior management and efficient firewall and other practical functions. It can provide users with a visual network management experience by identifying and managing the network data flow application layer. Attackers can exploit this vulnerability to cause operating system command injection
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dar-7000 | scope: | eq | version: | 31r02b1413c | Trust: 1.0 |
| vendor: | d link | model: | dar-7000 | scope: | eq | version: | dar-7000 firmware 31r02b1413c | Trust: 0.8 |
| vendor: | d link | model: | dar-7000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dar-7000 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dar-7000-40 v31r02b1413c | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.0 |
| problemtype: | OS Command injection (CWE-78) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-4965 | Trust: 3.2 |
| db: | VULDB | id: | 264533 | Trust: 2.4 |
| db: | DLINK | id: | SAP10354 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2024-026187 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-02723 | Trust: 0.6 |
REFERENCES
| url: | https://vuldb.com/?id.264533 | Trust: 2.4 |
| url: | https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10354 | Trust: 1.8 |
| url: | https://vuldb.com/?submit.333784 | Trust: 1.8 |
| url: | https://vuldb.com/?ctiid.264533 | Trust: 1.0 |
| url: | https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3cwhb%7cj%5cibsu0m4%3a_/d-link-dar-7000_rce_%20resmanage.php.pdf | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-4965 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-02723 |
| db: | JVNDB | id: | JVNDB-2024-026187 |
| db: | NVD | id: | CVE-2024-4965 |
LAST UPDATE DATE
2025-07-17T23:27:21.541000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-02723 | date: | 2025-02-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-026187 | date: | 2025-07-16T07:59:00 |
| db: | NVD | id: | CVE-2024-4965 | date: | 2025-07-15T16:06:38.057 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-02723 | date: | 2025-02-11T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-026187 | date: | 2025-07-16T00:00:00 |
| db: | NVD | id: | CVE-2024-4965 | date: | 2024-05-16T08:15:39.030 |