CVE-2023-5151
Published: 25 September 2023
Summary
CVE-2023-5151 is a medium-severity SQL Injection (CWE-89) vulnerability in D-Link DAR-8000 firmware. Its CVSS base score is 6.3 (Medium).
Operationally, it ranks in the top 4.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-5151 is a SQL injection vulnerability, tracked as CWE-89, that affects an unknown function in the file /autheditpwd.php of the D-Link DAR-8000 router firmware up to version 20151231. The flaw is triggered by unsanitized input to the hid_id parameter and carries a CVSS 3.1 score of 6.3. The CVE record is explicitly marked “UNSUPPORTED WHEN ASSIGNED” because the product reached end-of-life in 2015 and is no longer supported by the vendor.
An authenticated attacker with low privileges can send a crafted HTTP request to the affected endpoint from a remote network location. Successful exploitation allows the attacker to execute arbitrary SQL statements, resulting in limited disclosure, modification, or disruption of data within the device’s database.
D-Link’s support announcement SAP10354 and the associated vendor statement confirm that the DAR-8000 series is end-of-life; the vendor recommends immediate retirement and replacement rather than patching. Public exploit code has been published on GitHub, and the vulnerability record is mirrored on VulDB.
The EPSS score has remained near 0.20 with only a negligible peak-to-current difference, indicating no material post-disclosure surge in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-57489
Vulnerability details
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240247. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.