Vulnerabilities > CVE-2018-15516 - Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

dlink

CWE-918

NVD

Published: 2019-01-31

Updated: 2023-04-26

Summary

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

Vulnerable Configurations

Part	Description	Count
Application	Dlink Dlink Central Wifimanager 1.03	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Packetstorm

data source	https://packetstormsecurity.com/files/download/150242/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-FTP-SERVER-PORT-BOUNCE-SCAN.txt
id	PACKETSTORM:150242
last seen	2018-11-10
published	2018-11-09
reporter	hyp3rlinx
source	https://packetstormsecurity.com/files/150242/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Man-In-The-Middle.html
title	D-LINK Central WifiManager (CWM 100) 1.03 r0098 Man-In-The-Middle

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References