Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dlink central wifimanager vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-13372
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote malicious users to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authenticati...
Dlink Central Wifimanager
7.5
CVSSv2
CVE-2018-17440
An issue exists on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by upl...
Dlink Central Wifimanager
1 EDB exploit
4.3
CVSSv2
CVE-2018-17441
An issue exists on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
Dlink Central Wifimanager
1 EDB exploit
6.5
CVSSv2
CVE-2018-17442
An issue exists on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
Dlink Central Wifimanager
1 EDB exploit
4.3
CVSSv2
CVE-2018-17443
An issue exists on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
Dlink Central Wifimanager
1 EDB exploit
7.5
CVSSv2
CVE-2019-13373
An issue exists in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.
Dlink Central Wifimanager 1.03
4.3
CVSSv2
CVE-2019-13374
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote malicious users to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.
Dlink Central Wifimanager 1.03
7.5
CVSSv2
CVE-2019-13375
A SQL Injection exists in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.
Dlink Central Wifimanager 1.03
3.5
CVSSv2
CVE-2018-15516
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote malicious users to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
Dlink Central Wifimanager 1.03
5
CVSSv2
CVE-2018-15517
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/...
Dlink Central Wifimanager 1.03
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »