CVE-2018-15516 - Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | HIGH |
Confidentiality impact | HIGH |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/150242/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-FTP-SERVER-PORT-BOUNCE-SCAN.txt |
id | PACKETSTORM:150242 |
last seen | 2018-11-10 |
published | 2018-11-09 |
reporter | hyp3rlinx |
source | https://packetstormsecurity.com/files/150242/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Man-In-The-Middle.html |
title | D-LINK Central WifiManager (CWM 100) 1.03 r0098 Man-In-The-Middle |
References
- http://packetstormsecurity.com/files/150242/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Man-In-The-Middle.html
- http://seclists.org/fulldisclosure/2018/Nov/27
- https://vimeo.com/299797225