CPE Details
D-Link Central WifiManager 1.03
1.03
2023-04-26
17h28 +00:00
17h28 +00:00
2023-04-26
17h36 +00:00
17h36 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:dlink:central_wifimanager:1.03:*:*:*:*:*:*:*
Informations
Vendor
dlinkProduct
central_wifimanagerVersion
1.03Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | 9.8 |
Critique |
||
| A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. | 6.1 |
Moyen |
||
| An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | 9.8 |
Critique |
||
| /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. | 9.8 |
Critique |
||
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | 6.1 |
Moyen |
||
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | 6.1 |
Moyen |
2025©
tesweb SA
