The vulnerability of the MailConnect function in the software controller allows for an SSRF attack by the intruder, enabling them to carry out a malicious action. This vulnerability is present in the D-Link Central WiFi Manager, a device used for centralized control of wireless networks.

🗓️ 22 Jan 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

MailConnect in D-Link Central WiFi Manager allows remote SSRF due to insufficient request checks.

Reporter	Title	Published	Views	Family All 11
0day.today	D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery Vulnerability	9 Nov 201800:00	–	zdt
Circl	CVE-2018-15517	12 Jan 202500:00	–	circl
CNVD	D-LINK Central WifiManager CWM-100 Server-Side Request Forgery Vulnerability	12 Nov 201800:00	–	cnvd
CVE	CVE-2018-15517	31 Jan 201919:00	–	cve
Cvelist	CVE-2018-15517	31 Jan 201919:00	–	cvelist
Nuclei	D-Link Central WifiManager - Server-Side Request Forgery	16 Jun 202607:13	–	nuclei
NVD	CVE-2018-15517	31 Jan 201919:29	–	nvd
Packet Storm	D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery	9 Nov 201800:00	–	packetstorm
Prion	Security feature bypass	31 Jan 201919:29	–	prion
Positive Technologies	PT-2018-2191 · D Link · D-Link Central Wifimanager Cwm-100	8 Aug 201800:00	–	ptsecurity

Source	Link
cxsecurity	www.cxsecurity.com/issue/WLB-2018110068
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/152844
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 25.8

CVSS 36.5

EPSS0.44101

MailConnect function Central WiFi Manager Server Request Forgery Input validation weakness