{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-9004","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-09-19T14:31:15.840Z","datePublished":"2024-09-19T21:00:10.914Z","dateUpdated":"2024-09-20T14:40:00.225Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-09-19T21:00:10.914Z"},"title":"D-Link DAR-7000 Backup_Server_commit.php os command injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"OS Command Injection"}]}],"affected":[{"vendor":"D-Link","product":"DAR-7000","versions":[{"version":"20240912","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in D-Link DAR-7000 bis 20240912 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /view/DBManage/Backup_Server_commit.php. Durch Manipulieren des Arguments host mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-09-19T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-09-19T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-09-19T16:36:26.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"shechenran (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.278154","name":"VDB-278154 | D-Link DAR-7000 Backup_Server_commit.php os command injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.278154","name":"VDB-278154 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.407023","name":"Submit #407023 | dlink online behavior audit gateway  DAR-7000 online behavior audit gateway","tags":["third-party-advisory"]},{"url":"https://github.com/mhtcshe/cve/blob/main/cve.md","tags":["exploit"]},{"url":"https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354","tags":["related"]},{"url":"https://www.dlink.com/","tags":["product"]}],"tags":["unsupported-when-assigned"]},"adp":[{"affected":[{"vendor":"d-link","product":"dar-7000","cpes":["cpe:2.3:h:d-link:dar-7000:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"20240912","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-20T14:34:25.738799Z","id":"CVE-2024-9004","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-20T14:40:00.225Z"}}]}}