CVE-2024-4960 in DAR-7000-40
Summary
by MITRE • 05/16/2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/16/2025
The vulnerability identified as CVE-2024-4960 represents a critical security flaw in D-Link DAR-7000-40 V31R02B1413C network device firmware, specifically within the interface/sysmanage/licenseauthorization.php file. This issue falls under the category of unrestricted file upload vulnerabilities, which are particularly dangerous as they allow attackers to bypass normal file validation mechanisms and execute arbitrary code on the affected system. The vulnerability is classified as critical due to its potential for remote code execution and the fact that it affects a core system management function that handles license authorization processes.
The technical exploitation of this vulnerability occurs through manipulation of the file_upload argument parameter within the licenseauthorization.php file, which lacks proper input validation and sanitization measures. This flaw enables attackers to upload malicious files without restriction, potentially including web shells, malware, or other harmful payloads that can be executed within the context of the web server. The vulnerability is remotely exploitable, meaning that an attacker does not require physical access to the device or local network privileges to carry out the attack. This characteristic significantly increases the attack surface and potential impact, as the vulnerability can be exploited from any location with network access to the affected device.
From an operational perspective, the exploitation of this vulnerability could lead to complete system compromise, allowing attackers to gain unauthorized access to the network device, potentially enabling them to monitor network traffic, modify device configurations, or use the device as a pivot point for further attacks within the network infrastructure. The fact that this vulnerability affects an end-of-life product means that no official security updates or patches are available from the vendor, leaving organizations with no legitimate means to remediate the issue through standard support channels. This situation places affected organizations at significant risk as they cannot rely on vendor-provided security fixes, and the lack of ongoing support means that similar vulnerabilities may remain undiscovered or unpatched.
Organizations utilizing the D-Link DAR-7000-40 V31R02B1413C device should immediately implement network segmentation strategies to isolate the affected device from critical network segments, disable unnecessary services and ports, and consider implementing network monitoring solutions to detect potential exploitation attempts. The vulnerability aligns with CWE-434 which specifically addresses the risk of unrestricted file upload, and the attack vector corresponds to techniques described in the MITRE ATT&CK framework under T1190 - Exploit Public-Facing Application and T1059 - Command and Scripting Interpreter, particularly when attackers leverage the uploaded malicious files for remote code execution. Given the end-of-life status of the product, the most effective mitigation strategy involves immediate retirement of the device from production environments and replacement with supported firmware that includes proper input validation and security controls. The public disclosure of the exploit (VDB-264528) further emphasizes the urgency of taking immediate action to protect network infrastructure from potential compromise.