CVE-2024-6525

🗓️ 05 Jul 2024 13:00:06Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 60 Views🌐 WEB

A deserialization vulnerability in D-Link DAR-7000 up to 2023092

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability in the /log/decodmail.php script of the D-Link DAR-7000 and DAR-8000 router microprogramming software allows a hacker to escalate their privileges, gain access to the system, and execute arbitrary code.	16 Sep 202400:00	–	bdu_fstec
Circl	CVE-2024-6525	5 Jul 202415:50	–	circl
CNNVD	D-Link DAR-7000 代码问题漏洞	5 Jul 202400:00	–	cnnvd
CNVD	Code Issue Vulnerability in DAR-7000 at AUO Electronic Devices (Shanghai) Co.	9 Jul 202400:00	–	cnvd
Cvelist	CVE-2024-6525 D-Link DAR-7000 decodmail.php deserialization	5 Jul 202413:00	–	cvelist
EUVD	EUVD-2024-47605	3 Oct 202520:07	–	euvd
NVD	CVE-2024-6525	5 Jul 202413:15	–	nvd
Positive Technologies	PT-2024-6150 · D Link · D-Link Dar-7000	5 Jul 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-6525	23 May 202508:00	–	redhatcve
Vulnrichment	CVE-2024-6525 D-Link DAR-7000 decodmail.php deserialization	5 Jul 202413:00	–	vulnrichment

NVD

Vulners

Node

dlink dar-7000_firmwareRange≤2023-09-22

AND

dlink dar-7000Match-

[
  {
    "vendor": "D-Link",
    "product": "DAR-7000",
    "versions": [
      {
        "version": "20230922",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
supportannouncement	www.supportannouncement.us.dlink.com/security/publication.aspx
vuldb	www.vuldb.com/
github	www.github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_rce_%20decodmail.md

Parameter	Position	Path	Description	CWE
file	request body	/log/decodmail.php	Deserialization vulnerability via manipulation of the file argument leading to remote code execution	CWE-502

17 Jun 2026 08:18Current

4.4Medium risk

Vulners AI Score4.4

CVSS 3.12.7 - 8.8

CVSS 23.3

CVSS 45.1

CVSS 32.7

EPSS0.0308

SSVC

CWE-502