Lucene search
K

28 matches found

Nuclei
Nuclei
added 2 days ago87 views

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

9.8CVSS7.5AI score0.80682EPSS
Exploits4References4
Nuclei
Nuclei
added 6 days ago54 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6CVSS6.9AI score0.44101EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2018-7392

Malware in sbrugna...

7.8CVSS7.7AI score0.01675EPSS
Exploits3References4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.212 views

D-Link Central WiFiManager SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'csv' require 'digest' class MetasploitModule 'D-Link Central WiFiManager SQL injection', 'Description' = %q This module exploits a SQLi vulnerability found in...

9.8CVSS7AI score0.68019EPSS
Exploits2
VulnCheck KEV
VulnCheck KEV
added 2024/01/04 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-15517

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...

8.6CVSS7.3AI score0.44101EPSS
Exploits3References1
Check Point Advisories
Check Point Advisories
added 2022/11/14 12:0 a.m.6 views

D-Link Central WiFiManager CWM-100 SQL Injection (CVE-2019-13373)

An SQL injection vulnerability exists in D-Link Central WiFiManager CWM-100. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS5.5AI score0.68019EPSS
Exploits2
Metasploit
Metasploit
added 2021/02/15 5:42 p.m.89 views

D-Link Central WiFiManager SQL injection

This module exploits a SQLi vulnerability found in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. The vulnerability is an exposed API endpoint that allows the execution of SQL queries without authentication, using this vulnerability, it's possible to retrieve usernames and password...

9.8CVSS9.8AI score0.68019EPSS
Exploits2
NVD
NVD
added 2019/01/31 7:29 p.m.25 views

CVE-2018-15516

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF...

5.8CVSS5.9AI score0.02034EPSS
Exploits3References3
NVD
NVD
added 2019/01/31 7:29 p.m.29 views

CVE-2018-15517

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...

8.6CVSS8.6AI score0.44101EPSS
Exploits3References2
NVD
NVD
added 2019/01/31 7:29 p.m.29 views

CVE-2018-15515

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges...

7.8CVSS7.7AI score0.01675EPSS
Exploits3References2
CVE
CVE
added 2019/01/31 7:0 p.m.48 views

CVE-2018-15515

The CVE-2018-15515 entry concerns D-LINK Central WiFiManager CWM-100 (firmware 1.03 r0098). The vulnerability arises from loading Trojan file quserex.dll from the CaptivelPortal.exe subdirectory, enabling a local unprivileged user to gain SYSTEM privileges via a Trojan/DLL hijack scenario. The co...

7.8CVSS7.6AI score0.01675EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2019/01/31 7:0 p.m.80 views

CVE-2018-15516

CVE-2018-15516 affects the D-Link Central WiFiManager CWM-100, version 1.03 r0098, where the FTP server component can be abused to perform a PORT command bounce scan on port 8000, resulting in a Server-Side Request Forgery (SSRF) . Documented impact includes remote abuse of the network and potent...

5.8CVSS5.8AI score0.02034EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/01/31 7:0 p.m.24 views

CVE-2018-15517

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...

8.6AI score0.44101EPSS
Exploits3References2
Cvelist
Cvelist
added 2019/01/31 7:0 p.m.29 views

CVE-2018-15515

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges...

7.7AI score0.01675EPSS
Exploits3References2
CVE
CVE
added 2019/01/31 7:0 p.m.88 views

CVE-2018-15517

CVE-2018-15517 affects D-Link Central WifiManager CWM-100, version 1.03 r0098, where the MailConnect feature (meant to check SMTP connections) improperly allows outbound TCP to any port/IP, enabling server-side request forgery (SSRF). Exploitation demos show a URI like index.php/System/MailConnec...

8.6CVSS8.5AI score0.44101EPSS
In wildExploits3References2Affected Software1
CNVD
CNVD
added 2018/12/03 12:0 a.m.3 views

Command Execution Vulnerability in D-link Central WifiManager

D-LINK Central WifiManager CWM-100 is D-LINK centralized wireless management software. A code execution vulnerability exists in the implementation of D-Link Central WiFiManager, which can be exploited by an attacker to gain control of a web server...

7.8AI score
Exploits0
OpenVAS
OpenVAS
added 2018/12/03 12:0 a.m.7 views

D-Link Central WiFiManager Software Controller Detection Consolidation

Consolidation of D-Link Central WiFiManager Software Controller detections. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2018/12/01 12:0 a.m.9 views

D-Link Central WiFiManager Software Controller Detection (Windows SMB Login)

This script detects the installed version of D-Link Central WiFiManager Software Controller for Windows. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.3AI score
Exploits0
CNVD
CNVD
added 2018/11/12 12:0 a.m.2 views

D-LINK Central WifiManager CWM-100 FTP Server Port Bounce Scanning Vulnerability

D-LINK Central WifiManager CWM-100 is D-LINK centralized wireless management software. The FTP server component of D-LINK Central WifiManager can be used as a man-in-the-middle machine to allow PORT Command bounce scanning attacks. This vulnerability allows remote attackers to abuse the network a...

5.8CVSS5.9AI score0.02034EPSS
Exploits3References1
0day.today
0day.today
added 2018/11/09 12:0 a.m.262 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery Vulnerability

Using a web browser or script server-side request forgery SSRF can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a...

8.7AI score0.44101EPSS
Exploits3
Rows per page
Query Builder