CVE-2018-15516

Published: 31/01/2019 Updated: 26/04/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.8 | Impact Score: 4 | Exploitability Score: 1.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote malicious users to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

Vulnerable Product

dlink central wifimanager 1.03

Exploits

The FTP Server component of the D-LINK Central WifiManager can be used as a man-in-the-middle machine allowing PORT Command bounce scan attacks. This vulnerability allows remote attackers to abuse your network and discreetly conduct network port scanning. Victims will then think these scans are originating from the D-LINK network running the afflic ...

Mailing Lists

Full Disclosure mailing list archives: CVE-2018-15516 / D-LINK Central WifiManager CWM-100 / FTP Server PORT Bounce Scan ...