CVE-2024-4699 | D-Link DAR-8000-10 up to 20230922 /importhtml.php sql deserialization (SAP10354)

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

The identification of this vulnerability is CVE-2024-4699. The attack may be initiated remotely. There is no exploit available.

Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE-2024-4699 | D-Link DAR-8000-10 up to 20230922 /importhtml.php sql deserialization (SAP10354)

Related Posts

CVE-2024-3738 | cym1102 nginxWebUI up to 3.9.9 /adminPage/conf/saveCmd handlePath nginxPath certificate validation

CVE-2024-38288 | R-HUB TurboMeeting up to 8.x Certificate Signing Request command injection (GHSA-gx6g-8mvx-3q5c)

CVE-2023-6881 | zephyrproject-rtos Zephyr up to 3.5 is_mount_point buffer overflow

CVE-2024-35583 | SourceCodester Laboratory Management System 1.0 Remarks cross site scripting