CVE-2023-5154

🗓️ 25 Sep 2023 03:00:07Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 128 Views🌐 WEB

Vulnerability in D-Link DAR-8000 allows unrestricted remote upload

Reporter	Title	Published	Views	Family All 7
BDU FSTEC	The vulnerability in the /sysmanage/changelogo.php script of the D-Link DAR-8000 router’s microprogramming software allows a hacker to execute arbitrary commands.	3 Oct 202300:00	–	bdu_fstec
CNNVD	D-Link DAR-8000 Code Issue Vulnerability	25 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-5154 D-Link DAR-8000 changelogo.php unrestricted upload	25 Sep 202303:00	–	cvelist
NVD	CVE-2023-5154	25 Sep 202303:15	–	nvd
Prion	Out-of-bounds	25 Sep 202303:15	–	prion
Positive Technologies	PT-2023-5602 · D Link · D-Link Dar-8000	24 Sep 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-5154 D-Link DAR-8000 changelogo.php unrestricted upload	25 Sep 202303:00	–	vulnrichment

NVD

Vulners

Node

dlink dar-8000_firmwareRange≤2015-12-31

AND

dlink dar-8000Match-

[
  {
    "vendor": "D-Link",
    "product": "DAR-8000",
    "versions": [
      {
        "version": "20151231",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
supportannouncement	www.supportannouncement.us.dlink.com/announcement/publication.aspx
vuldb	www.vuldb.com/
github	www.github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20changelogo.md

Parameter	Position	Path	Description	CWE
file_upload	request body	/sysmanage/changelogo.php	Unrestricted file upload via the file_upload parameter on /sysmanage/changelogo.php leading to remote upload capability.	CWE-434

21 Nov 2024 08:41Current

7.2High risk

Vulners AI Score7.2

CVSS 3.16.3 - 8.8

CVSS 26.5

CVSS 36.3

EPSS0.79973

SSVC

CWE-434