5 matches found
CVE-2018-15517
creationtimestamp| type| source ---|---|--- 2025-01-12 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-12 2025-03-09 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-03-09 2025-03-09 00:00:00+00:00| exploited| The Shadowserver...
CVE-2018-15517
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...
CVE-2018-15517
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...
CVE-2018-15517
CVE-2018-15517 affects D-Link Central WifiManager CWM-100, version 1.03 r0098, where the MailConnect feature (meant to check SMTP connections) improperly allows outbound TCP to any port/IP, enabling server-side request forgery (SSRF). Exploitation demos show a URI like index.php/System/MailConnec...
D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Greetz: indoushka | Eduardo B. Vendor us.dlink.com Product D-LINK Central WifiManager...