d-link central_wifimanager Security Vulnerabilities

8 Vulnerabilities
Description

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.

Impacted versions: 1.03_r0098

Base Score: 7.2, Severity: HIGH, ID: CVE-2018-15515, Last Modified: 2019-10-03T00:03:00Z


/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.

Impacted versions: *

Base Score: 7.5, Severity: HIGH, ID: CVE-2019-13372, Last Modified: 2019-07-12T15:57:00Z


The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

Impacted versions: 1.03

Base Score: 3.5, Severity: LOW, ID: CVE-2018-15516, Last Modified: 2019-02-22T17:52:00Z


The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.

Impacted versions: 1.03

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2018-15517, Last Modified: 2019-02-21T14:33:00Z


An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The product exposes an FTP server that listens by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.

Impacted versions: *

Base Score: 7.5, Severity: HIGH, ID: CVE-2018-17440, Last Modified: 2018-11-23T18:50:00Z


An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.

Impacted versions: *

Base Score: 6.5, Severity: MEDIUM, ID: CVE-2018-17442, Last Modified: 2018-11-23T15:02:00Z


An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.

Impacted versions: *

Base Score: 4.3, Severity: MEDIUM, ID: CVE-2018-17443, Last Modified: 2018-11-23T14:56:00Z


An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.

Impacted versions: *

Base Score: 4.3, Severity: MEDIUM, ID: CVE-2018-17441, Last Modified: 2018-11-21T22:05:00Z
