D-Link Central WifiManager 1.00

CPE Details

D-Link Central WifiManager 1.00
dlink
central_wifimanager
1.00
2023-04-26
17h28 +00:00
2023-04-26
17h36 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:dlink:central_wifimanager:1.00:*:*:*:*:*:*:*

Informations

Vendor

dlink

Product

central_wifimanager

Version

1.00

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-13372 2019-07-06 20h54 +00:00 /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
9.8
Critique
CVE-2018-17440 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
9.8
Critique
CVE-2018-17441 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
6.1
Moyen
CVE-2018-17442 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
8.8
Haute
CVE-2018-17443 2018-10-08 14h00 +00:00 An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
6.1
Moyen