Vulnerabilities > Dlink > Central Wifimanager

DATE CVE VULNERABILITY TITLE RISK
2019-07-06 CVE-2019-13375 SQL Injection vulnerability in Dlink Central Wifimanager 1.03
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode.
network
low complexity
dlink CWE-89
critical
9.8
2019-07-06 CVE-2019-13374 Cross-site Scripting vulnerability in Dlink Central Wifimanager 1.03
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter.
network
low complexity
dlink CWE-79
6.1
2019-07-06 CVE-2019-13373 SQL Injection vulnerability in Dlink Central Wifimanager 1.03
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6.
network
low complexity
dlink CWE-89
critical
9.8
2019-07-06 CVE-2019-13372 Code Injection vulnerability in Dlink Central Wifimanager
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
network
low complexity
dlink CWE-94
critical
9.8
2019-01-31 CVE-2018-15517 Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.
network
low complexity
dlink CWE-918
8.6
2019-01-31 CVE-2018-15516 Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
network
high complexity
dlink CWE-918
5.8
2019-01-31 CVE-2018-15515 Unspecified vulnerability in Dlink Central Wifimanager 1.03R0098
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
local
low complexity
dlink
7.8
2018-10-08 CVE-2018-17443 Cross-site Scripting vulnerability in Dlink Central Wifimanager
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1.
network
low complexity
dlink CWE-79
6.1
2018-10-08 CVE-2018-17442 Unrestricted Upload of File with Dangerous Type vulnerability in Dlink Central Wifimanager
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1.
network
low complexity
dlink CWE-434
8.8
2018-10-08 CVE-2018-17441 Cross-site Scripting vulnerability in Dlink Central Wifimanager
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1.
network
low complexity
dlink CWE-79
6.1