Vulnerabilities > CVE-2018-15515 - Unspecified vulnerability in Dlink Central Wifimanager 1.03R0098

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
dlink
NVD
Published: 2019-01-31
Updated: 2019-10-03

Summary

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.

Vulnerable Configurations

Part Description Count
Application
Dlink
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150244/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SYSTEM-PRIVILEGE-ESCALATION.txt
idPACKETSTORM:150244
last seen2018-11-10
published2018-11-09
reporterhyp3rlinx
sourcehttps://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html
titleD-LINK Central WifiManager (CWM 100) 1.03 r0098 DLL Hijacking

References