EUVD-2019-4872

Malware in sbrugna...

EUVD-2018-9195

Malware in sbrugna...

CVE-2023-21033

In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...

CVE-2019-13373

An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...

CVE-2019-13374

A cross-site scripting XSS vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...

CVE-2019-13375

A SQL Injection was discovered in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication...

Android Mercury Browser Intent URI Scheme And Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Mercury Browser Intent URI Scheme and Directory Traversal Vulnerability', 'Description' = %q This module exploits an unsafe intent URI...

CVE-2023-21033

In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...

PT-2023-17824 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible way to trigger a persistent denial of service due to resource exhaustion in the addNetwork function of WifiManager.java. This could lead to a local denial of service...

CVE-2022-20535

In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed...

The vulnerability of the PayAction.class.php script of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager CWM(100) allows a hacker to inject any desired web script or HTML code.

The vulnerability of the PayAction.class.php script of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager CWM100 is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker t...

D-Link Central WiFi Manager CWM(100) RCE

This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...

D-Link Central WiFi Manager CWM(100) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Central WiFi Manager CWM100 RCE', 'Description' = %q This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manage...

D-Link Central WiFi Manager CWM(100) Remote Code Execution Exploit

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes i...

The vulnerability of the /web/Public/Conn.php component of the software controller for centralized control of wireless networks in D-Link Central WiFi Manager CWM(100) allows a intruder to execute arbitrary code.

The vulnerability of the /web/Public/Conn.php component of the software controller for centralized control of D-Link Central WiFi Manager CWM100 relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute...

The vulnerability of the PayAction.class.php script of the software controller for centralized control of wireless networks by D-Link Central WiFi Manager CWM(100) allows a hacker to execute arbitrary code.

The vulnerability of the PayAction.class.php script of the software controller for centralized control of wireless networks by D-Link Central WiFi Manager CWM100 is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating...

D-Link Central WiFi Manager (CWM-100) Arbitrary SQL Command Query Vulnerability

D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool. An arbitrary SQL command query vulnerability exists in D-Link Central WiFi Manager CWM-100 versions prior to 1.03R0100BETA6. The vulnerability stems from a failure to validate input. An attacker can exploit...

D-Link Central WiFi Manager (CWM-100) SQL Injection Vulnerability

D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool. A SQL injection vulnerability exists in the index.php/Pay/passcodeAuth passcode parameter in PayAction.class.php in versions prior to D-Link Central WiFi Manager CWM-100 1.03R0100BETA6. An attacker can explo...

D-Link Central WiFi Manager (CWM-100) Remote Code Execution Vulnerability

D-Link Central WiFi Manager CWM-100 is a Web-based wireless access point management tool that enables you to create and manage multi-site, multi-tenant wireless networks. A remote code execution vulnerability exists in /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM-100...

CVE-2019-13373

An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...