
Exploit for D-Link DAR-8000-10 - Command Injection (CVE-2023-4542)

Description:

D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates in the id parameter of the file /app/sys1.php, which can lead to operating system command injection.
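
A defender-side check to go with the description above, added here as an example and not part of the original advisory or the Nuclei template: it scans web access logs for requests to /app/sys1.php whose id value contains shell metacharacters. It assumes combined-format logs with the parameter in the query string (parameters sent in a request body are not visible to it); the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters a shell treats specially; a plain identifier never needs them.
SHELL_META = re.compile(r'[;&|`$(){}<>\n\r\\]')
VULN_PATH = "/app/sys1.php"   # path named in the advisory
VULN_PARAM = "id"             # parameter named in the advisory

def suspicious_id_values(line):
    """Return decoded `id` values in this log line that contain shell metacharacters."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if url.path.rstrip("/").lower() != VULN_PATH:
        return []
    # parse_qs percent-decodes, so %3B and ';' are treated alike.
    values = parse_qs(url.query, keep_blank_values=True).get(VULN_PARAM, [])
    return [v for v in values if SHELL_META.search(v)]

def triage(lines):
    """Return (line_number, client_ip, value) for every suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        for value in suspicious_id_values(line):
            hits.append((n, line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Sep/2023:10:00:00 +0000] "GET /app/sys1.php?id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Sep/2023:10:00:05 +0000] "GET /app/sys1.php?id=42%3Becho%20test HTTP/1.1" 200 640',
    '198.51.100.7 - - [01/Sep/2023:10:00:09 +0000] "GET /app/other.php?id=1%7Cx HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Sep/2023:10:01:00 +0000] "GET /app/sys1.php?name=a&id=$(x) HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Hits are leads for review, not proof of compromise; any hit on an exposed device warrants checking the device itself.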

Nuclei Template

View the template here: CVE-2023-4542.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-4542.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-4542
https://github.com/wy876/POC/blob/main/D-Link_DAR-8000%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2023-4542).md
https://github.com/tanjiti/sec_profile
https://vuldb.com/?ctiid.238047
https://github.com/20142995/sectool
https://vuldb.com/?id.238047