ID
VAR-202405-0252
CVE
CVE-2024-4960
TITLE
D-Link Systems, Inc. of dar-7000 Unrestricted Upload of Dangerous File Types Vulnerability in Firmware
Trust: 0.8
DESCRIPTION
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAR-7000-40 is an Internet behavior audit gateway of D-Link, a Chinese company. D-Link DAR-7000-40 has a command execution vulnerability, which is caused by the incorrect verification of the file extension by the interface/sysmanage/license authorization.php script. Attackers can use this vulnerability to upload malicious PHP scripts and execute arbitrary PHP code on the system
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dar-7000 | scope: | eq | version: | v31r02b1413c | Trust: 1.0 |
| vendor: | d link | model: | dar-7000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dar-7000 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dar-7000 | scope: | eq | version: | dar-7000 firmware v31r02b1413c | Trust: 0.8 |
| vendor: | d link | model: | dar-7000-40 31r02b1413c | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-434 | Trust: 1.0 |
| problemtype: | Unlimited uploads of dangerous types of files (CWE-434) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-4960 | Trust: 3.2 |
| db: | VULDB | id: | 264528 | Trust: 1.8 |
| db: | DLINK | id: | SAP10354 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2024-026300 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-01812 | Trust: 0.6 |
REFERENCES
| url: | https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10354 | Trust: 1.8 |
| url: | https://vuldb.com/?id.264528 | Trust: 1.8 |
| url: | https://vuldb.com/?submit.333777 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-4960 | Trust: 1.4 |
| url: | https://vuldb.com/?ctiid.264528 | Trust: 1.0 |
| url: | https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3cwhb%7cj%5cibsu0m4%3a_/d-link-dar-7000_upload_%20licenseauthorization.php.php.pdf | Trust: 1.0 |
SOURCES
| db: | CNVD | id: | CNVD-2025-01812 |
| db: | JVNDB | id: | JVNDB-2024-026300 |
| db: | NVD | id: | CVE-2024-4960 |
LAST UPDATE DATE
2025-07-22T23:16:31+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-01812 | date: | 2025-01-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-026300 | date: | 2025-07-18T08:39:00 |
| db: | NVD | id: | CVE-2024-4960 | date: | 2025-07-16T14:41:16.750 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-01812 | date: | 2025-01-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-026300 | date: | 2025-07-18T00:00:00 |
| db: | NVD | id: | CVE-2024-4960 | date: | 2024-05-16T06:15:14.650 |