Vulnerabilities > CVE-2018-15515 - Unspecified vulnerability in Dlink Central Wifimanager 1.03R0098
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/150244/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SYSTEM-PRIVILEGE-ESCALATION.txt |
id | PACKETSTORM:150244 |
last seen | 2018-11-10 |
published | 2018-11-09 |
reporter | hyp3rlinx |
source | https://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html |
title | D-LINK Central WifiManager (CWM 100) 1.03 r0098 DLL Hijacking |
References
- http://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html
- http://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html
- http://seclists.org/fulldisclosure/2018/Nov/29
- http://seclists.org/fulldisclosure/2018/Nov/29