CVE-2024-4963 – This critical vulnerability in D-Link DAR-7000-... (How to Fix)

Q: What is the severity of CVE-2024-4963?

CVE-2024-4963 has a CVSS score of 6.3 (MEDIUM). This critical vulnerability in D-Link DAR-7000-40 allows remote attackers to upload arbitrary files via the /url/url.php endpoint due to unrestricted file upload. This can lead to complete system compromise. Only affects end-of-life products that are no longer supported by the vendor.

📋 TL;DR

This critical vulnerability in D-Link DAR-7000-40 allows remote attackers to upload arbitrary files via the /url/url.php endpoint due to unrestricted file upload. This can lead to complete system compromise. Only affects end-of-life products that are no longer supported by the vendor.

💻 Affected Systems

Products:

D-Link DAR-7000-40

Versions: V31R02B1413C

Operating Systems: Embedded system

Default Config Vulnerable: ⚠️ Yes

Notes: Product is end-of-life with no vendor support. Only this specific version is confirmed affected.

📦 What is this software?

Dar 7000 Firmware by Dlink

View all CVEs affecting Dar 7000 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Webshell deployment allowing unauthorized access, file manipulation, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if proper network segmentation and file upload restrictions are in place.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication.

🏢 Internal Only: MEDIUM - Still vulnerable to internal threats but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in GitHub repository. Simple file upload manipulation required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354

Restart Required: No

Instructions:

No official patch available. Vendor recommends retiring and replacing the end-of-life device.

🔧 Temporary Workarounds

Block /url/url.php access

linux

Use web application firewall or network firewall to block access to the vulnerable endpoint

iptables -A INPUT -p tcp --dport 80 -m string --string "/url/url.php" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 443 -m string --string "/url/url.php" --algo bm -j DROP

Disable file upload functionality

all

Modify web server configuration to disable file uploads if possible

🧯 If You Can't Patch

Immediately isolate device from internet and place behind strict firewall rules
Implement network segmentation to limit device access to only necessary services

🔍 How to Verify

Check if Vulnerable:

Check device version via web interface or CLI. If version is V31R02B1413C, device is vulnerable.

Check Version:

Check web interface at System > Status or use device-specific CLI commands

Verify Fix Applied:

No fix available to verify. Only mitigation is device replacement.

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to /url/url.php
POST requests with file upload parameters to vulnerable endpoint
Unexpected PHP file creation in web directories

Network Indicators:

HTTP POST requests to /url/url.php with file upload content
Unusual outbound connections from device after exploitation

SIEM Query:

source="web_logs" AND uri="/url/url.php" AND method="POST" AND (file_upload OR upload)

📊 Metadata

CVE ID: CVE-2024-4963

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-434

Published: May 16, 2024

Last Updated: July 15, 2025

🔗 References

https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20url.php.pdf Broken Link
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354 Vendor Advisory
https://vuldb.com/?ctiid.264531 Permissions Required,VDB Entry
https://vuldb.com/?id.264531 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.333781 Third Party Advisory,VDB Entry
https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20url.php.pdf Broken Link
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354 Vendor Advisory
https://vuldb.com/?ctiid.264531 Permissions Required,VDB Entry
https://vuldb.com/?id.264531 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.333781 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4963, you might also want to check these: