D-Link DAR-7000 deserialization via /log/decodmail.php
CVE-2024-6525 Published on July 5, 2024
D-Link DAR-7000 decodmail.php deserialization
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2024-6525 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2024-6525
Want to know whenever a new CVE is published for D-Link Dar 7000 Firmware? stack.watch will email you.
Affected Versions
D-Link DAR-7000 Version 20230922 is affected by CVE-2024-6525Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.