CPE-96AB295F-E186-4861-8E0D-562D014C53EC Détail

CPE Details

D-Link Central WifiManager 1.03 R0098

Vendor

dlink

Product

central_wifimanager

Version

1.03

Created

2023-04-26
17h28 +00:00

Modifié

2023-04-26
17h36 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098::::::

Informations

Vendor

dlink

Product

central_wifimanager

Version

1.03

Update

r0098

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2019-13375	2019-07-06 20h55 +00:00	A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.	9.8	Critique
CVE-2019-13374	2019-07-06 20h54 +00:00	A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.	6.1	Moyen
CVE-2019-13373	2019-07-06 20h54 +00:00	An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.	9.8	Critique
CVE-2019-13372	2019-07-06 20h54 +00:00	/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.	9.8	Critique
CVE-2018-15516	2019-01-31 18h00 +00:00	The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.	5.8	Moyen
CVE-2018-15517	2019-01-31 18h00 +00:00	The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.	8.6	Haute
CVE-2018-17441	2018-10-08 14h00 +00:00	An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.	6.1	Moyen
CVE-2018-17443	2018-10-08 14h00 +00:00	An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.	6.1	Moyen

D-Link Central WifiManager 1.03 R0098

CPE Details

CPE Name: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098::::::