CVE-2018-15517

Published: 31/01/2019 Updated: 26/04/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.
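A log check for the request pattern in the summary above, as an added example that is not part of the advisory or of the product's code. The log lines are constructed, and the access-log format and the set of ports treated as legitimate SMTP are assumptions.

```python
import ipaddress
import re

# Path layout taken from the URI quoted in the summary:
# index.php/System/MailConnect/host/<host>/port/<port>/secure/
MAILCONNECT = re.compile(
    r"index\.php/System/MailConnect/host/(?P<host>[^/\s]+)"
    r"/port/(?P<port>[^/\s]+)/secure/", re.IGNORECASE)
SMTP_PORTS = {25, 465, 587}  # assumption: ports a genuine SMTP test would use

def classify(path):
    """None if not a MailConnect request, else a list of reasons (empty = benign)."""
    m = MAILCONNECT.search(path)
    if not m:
        return None
    reasons = []
    port, host = m.group("port"), m.group("host")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        reasons.append("malformed-port")
    elif int(port) not in SMTP_PORTS:
        reasons.append("non-smtp-port")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        internal = host.lower() == "localhost"  # hostnames are not resolved here
    else:
        internal = ip.is_loopback or ip.is_private or ip.is_link_local
    if internal:
        reasons.append("internal-target")
    return reasons

def scan_log(lines):
    """Yield (client, path, reasons) for each suspicious MailConnect request."""
    findings = []
    for line in lines:
        quoted = line.split('"')
        request = quoted[1].split() if len(quoted) > 1 else []
        if len(request) < 2:
            continue
        reasons = classify(request[1])
        if reasons:
            findings.append((line.split()[0], request[1], reasons))
    return findings

SAMPLE_LOG = [  # constructed lines in combined-log style
    '203.0.113.7 - - [01/Feb/2019:10:00:00 +0000] "GET /index.php/System/MailConnect/host/mail.example.com/port/25/secure/ HTTP/1.1" 200 12',
    '203.0.113.9 - - [01/Feb/2019:10:00:05 +0000] "GET /index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ HTTP/1.1" 200 12',
    '203.0.113.9 - - [01/Feb/2019:10:00:06 +0000] "GET /index.php/System/MailConnect/host/10.0.0.5/port/25/secure/ HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Feb/2019:10:00:09 +0000] "GET /index.php/Login HTTP/1.1" 200 512',
]
```

An internal host on an SMTP port can be a legitimate mail relay, so `internal-target` alone is a prompt for review rather than a verdict.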

Vulnerable Product

dlink central wifimanager 1.03

Vendor Advisories

Check Point Reference: CPAI-2018-2731 Date Published: 14 Apr 2024 Severity: High ...

Exploits

Using a web browser or script, server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 103 r0098 devices is intended to check a connection to an SMTP server but actually allows outbo ...