/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote malicious users to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlink central wifimanager |