The vulnerability in the script /view/DBManage/Backup_Server_commit.php of the D-Link DAR-7000 and DAR-8000 router microprogramming software allows a attacker to execute arbitrary commands.

🗓️ 04 Oct 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Backup_Server_commit.php on D Link routers enables command execution via system elements.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-9004	19 Sep 202423:41	–	circl
CNNVD	D-Link DAR-7000 操作系统命令注入漏洞	19 Sep 202400:00	–	cnnvd
CNVD	D-Link DAR-7000 Operating System Command Injection Vulnerability	23 Sep 202400:00	–	cnvd
CVE	CVE-2024-9004	19 Sep 202421:00	–	cve
Cvelist	CVE-2024-9004 D-Link DAR-7000 Backup_Server_commit.php os command injection	19 Sep 202421:00	–	cvelist
EUVD	EUVD-2024-49658	3 Oct 202520:07	–	euvd
NVD	CVE-2024-9004	19 Sep 202421:15	–	nvd
Positive Technologies	PT-2023-9459 · D Link · D-Link Dar-7000	22 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2024-9004	23 May 202508:15	–	redhatcve
Vulnrichment	CVE-2024-9004 D-Link DAR-7000 Backup_Server_commit.php os command injection	19 Sep 202421:00	–	vulnrichment

Source	Link
supportannouncement	www.supportannouncement.us.dlink.com/security/publication.aspx
github	www.github.com/mhtcshe/cve/blob/main/cve.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

04 Oct 2024 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 39.8

CVSS 210

EPSS0.15763

D Link routers backup server commit remote command execution unsanitized elements operating system commands