19 matches found
EUVD-2018-9195
Malware in sbrugna...
EUVD-2019-4872
Malware in sbrugna...
CVE-2019-13373
An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...
CVE-2019-13375
A SQL Injection was discovered in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication...
D-Link Central WiFi Manager CWM(100) RCE
This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...
D-Link Central WiFi Manager CWM(100) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Central WiFi Manager CWM100 RCE', 'Description' = %q This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manage...
CVE-2019-13372
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...
CVE-2019-13375
A SQL Injection was discovered in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication...
Cross site scripting
A cross-site scripting XSS vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...
Input validation
An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...
Sql injection
A SQL Injection was discovered in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication...
CVE-2019-13374
A cross-site scripting XSS vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...
PT-2018-3063 · D Link · D-Link Central Wifi Manager Cwm
Name of the Vulnerable Software and Affected Versions: D-Link Central WiFi Manager CWM100 versions prior to v1.03R0100 BETA6 Description: The issue is related to a flaw in the authentication procedure of the D-Link Central WiFi Manager CWM100. This flaw allows remote attackers to execute arbitrar...
CVE-2018-17443
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS...
Cross site scripting
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS...
Hardcoded credentials
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...
CVE-2018-17440
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...
CVE-2018-17442
CVE-2018-17442 affects D-Link Central WiFi Manager prior to version 1.03r0100-Beta1. The vulnerability lies in an unrestricted file upload via the onUploadLogPic endpoint, which can be exploited by remote authenticated users to achieve remote code execution (PHP) by uploading a crafted archive (....
CVE-2018-17442
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...