CVE-2024-6525 — LOW (2.7) — White Hats Nepal

Q: How severe is CVE-2024-6525?

CVE-2024-6525 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-6525?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dar-7000 Firmware, Dlink Dar-7000.

Vulnerability Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Score

2.7

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dlink	Dar-7000 Firmware	<= 2023-09-22
Dlink	Dar-7000	-

Related Weaknesses (CWE)

CWE-502

References

https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_rce_%20decodmail.Exploit
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354Vendor Advisory
https://vuldb.com/?ctiid.270368Permissions RequiredVDB Entry
https://vuldb.com/?id.270368Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.368099Third Party AdvisoryVDB Entry
https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_rce_%20decodmail.Exploit
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354Vendor Advisory
https://vuldb.com/?ctiid.270368Permissions RequiredVDB Entry
https://vuldb.com/?id.270368Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.368099Third Party AdvisoryVDB Entry

FAQ

What is CVE-2024-6525?

CVE-2024-6525 is a vulnerability with a CVSS score of 2.7 (LOW). ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/dec...

How severe is CVE-2024-6525?

CVE-2024-6525 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6525?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dar-7000 Firmware, Dlink Dar-7000.