Lucene search
+L

19 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-9195

Malware in sbrugna...

8.8CVSS8.7AI score0.14219EPSS
Exploits5References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-4872

Malware in sbrugna...

6.1CVSS6.3AI score0.02369EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 8:4 a.m.9 views

CVE-2019-13373

An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...

9.8CVSS7.5AI score0.68019EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 a.m.7 views

CVE-2019-13375

A SQL Injection was discovered in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication...

9.8CVSS8.2AI score0.28199EPSS
Exploits0References1
Metasploit
Metasploit
added 2020/08/18 5:41 p.m.45 views

D-Link Central WiFi Manager CWM(100) RCE

This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...

9.8CVSS9.6AI score0.80682EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/08/18 12:0 a.m.272 views

D-Link Central WiFi Manager CWM(100) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Central WiFi Manager CWM100 RCE', 'Description' = %q This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manage...

7.5CVSS0.80682EPSS
Exploits4
NVD
NVD
added 2019/07/06 11:15 p.m.37 views

CVE-2019-13372

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...

9.8CVSS9.8AI score0.80682EPSS
Exploits4References4
NVD
NVD
added 2019/07/06 11:15 p.m.17 views

CVE-2019-13375

A SQL Injection was discovered in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication...

9.8CVSS9.9AI score0.28199EPSS
Exploits0References3
Prion
Prion
added 2019/07/06 11:15 p.m.19 views

Cross site scripting

A cross-site scripting XSS vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...

4.3CVSS5.9AI score0.02369EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/07/06 11:15 p.m.21 views

Input validation

An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...

7.5CVSS9.6AI score0.68019EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2019/07/06 11:15 p.m.23 views

Sql injection

A SQL Injection was discovered in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication...

7.5CVSS9.8AI score0.28199EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/06 10:54 p.m.28 views

CVE-2019-13374

A cross-site scripting XSS vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...

6AI score0.02369EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2018/11/20 12:0 a.m.8 views

PT-2018-3063 · D Link · D-Link Central Wifi Manager Cwm

Name of the Vulnerable Software and Affected Versions: D-Link Central WiFi Manager CWM100 versions prior to v1.03R0100 BETA6 Description: The issue is related to a flaw in the authentication procedure of the D-Link Central WiFi Manager CWM100. This flaw allows remote attackers to execute arbitrar...

10CVSS10AI score0.80682EPSS
Exploits4References9
NVD
NVD
added 2018/10/08 4:29 p.m.23 views

CVE-2018-17443

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS...

6.1CVSS6.2AI score0.05657EPSS
Exploits5References4
Prion
Prion
added 2018/10/08 4:29 p.m.13 views

Cross site scripting

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS...

4.3CVSS7.6AI score0.05657EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2018/10/08 4:29 p.m.19 views

Hardcoded credentials

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...

7.5CVSS9.7AI score0.3689EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2018/10/08 4:0 p.m.25 views

CVE-2018-17440

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...

9.8AI score0.3689EPSS
Exploits5References4
CVE
CVE
added 2018/10/08 4:0 p.m.76 views

CVE-2018-17442

CVE-2018-17442 affects D-Link Central WiFi Manager prior to version 1.03r0100-Beta1. The vulnerability lies in an unrestricted file upload via the onUploadLogPic endpoint, which can be exploited by remote authenticated users to achieve remote code execution (PHP) by uploading a crafted archive (....

8.8CVSS9.2AI score0.14219EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2018/10/08 4:0 p.m.27 views

CVE-2018-17442

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...

9.3AI score0.14219EPSS
Exploits5References4
Rows per page
Query Builder