D-Link Central WifiManager 1.02

CPE Details

D-Link Central WifiManager 1.02
dlink
central_wifimanager
1.02
2023-04-26
17h28 +00:00
2023-04-26
17h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:dlink:central_wifimanager:1.02:*:*:*:*:*:*:*

Informations

Vendor

dlink

Product

central_wifimanager

Version

1.02

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-13372 2019-07-06 20h54 +00:00 /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
9.8
Critical
CVE-2018-17440 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
9.8
Critical
CVE-2018-17441 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
6.1
Medium
CVE-2018-17442 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
8.8
High
CVE-2018-17443 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
6.1
Medium