CVE-2024-4699 | D-Link DAR-8000-10 up to 20230922 /importhtml.php sql deserialization (SAP10354)

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

The identification of this vulnerability is CVE-2024-4699. The attack may be initiated remotely. There is no exploit available.

Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE-2024-4699 | D-Link DAR-8000-10 up to 20230922 /importhtml.php sql deserialization (SAP10354)

Related Posts

CVE-2024-23518 | Navneil Naicker ACF Photo Gallery Field Plugin up to 2.6 on WordPress authorization

CVE-2024-42371 | SAP NetWeaver Application Server for ABAP and ABAP Platform RFC Enabled Function Module authorization

CVE-2024-2665 | Premium Addons for Elementor Plugin up to 4.10.27 on WordPress Button cross site scripting

CVE-2024-6870 | Responsive Lightbox & Gallery Plugin up to 2.4.7 on WordPress File Upload cross site scripting