Sign-up

ID

VAR-202405-0253


CVE

CVE-2024-4964


TITLE

D-Link Systems, Inc.  of  dar-7000  Unrestricted Upload of Dangerous File Types Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-026138

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264532. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of dar-7000 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-4964 // JVNDB: JVNDB-2024-026138

AFFECTED PRODUCTS

vendor:dlinkmodel:dar-7000scope:eqversion:31r02b1413c

Trust: 1.0

vendor:d linkmodel:dar-7000scope:eqversion:dar-7000 firmware 31r02b1413c

Trust: 0.8

vendor:d linkmodel:dar-7000scope: - version: -

Trust: 0.8

vendor:d linkmodel:dar-7000scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-026138 // NVD: CVE-2024-4964

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-4964
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-4964
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-026138
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2024-4964
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-026138
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-4964
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-4964
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-026138
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-026138 // NVD: CVE-2024-4964 // NVD: CVE-2024-4964

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.0

problemtype:Unlimited uploads of dangerous types of files (CWE-434) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-026138 // NVD: CVE-2024-4964

EXTERNAL IDS

db:NVDid:CVE-2024-4964

Trust: 2.6

db:DLINKid:SAP10354

Trust: 1.8

db:VULDBid:264532

Trust: 1.8

db:JVNDBid:JVNDB-2024-026138

Trust: 0.8

sources: JVNDB: JVNDB-2024-026138 // NVD: CVE-2024-4964

REFERENCES

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10354

Trust: 1.8

url:https://vuldb.com/?id.264532

Trust: 1.8

url:https://vuldb.com/?submit.333783

Trust: 1.8

url:https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3cwhb%7cj%5cibsu0m4%3a_/d-link-dar-7000_upload_%20urlblist.php.pdf

Trust: 1.0

url:https://vuldb.com/?ctiid.264532

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-4964

Trust: 0.8

sources: JVNDB: JVNDB-2024-026138 // NVD: CVE-2024-4964

SOURCES

db:JVNDBid:JVNDB-2024-026138
db:NVDid:CVE-2024-4964

LAST UPDATE DATE

2025-07-17T23:27:21.587000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-026138date:2025-07-16T04:39:00
db:NVDid:CVE-2024-4964date:2025-07-15T16:21:13.550

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-026138date:2025-07-16T00:00:00
db:NVDid:CVE-2024-4964date:2024-05-16T08:15:38.693