CVE-2018-17440
N/A
N/A
Summary
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.exploit-db.com/exploits/45533/
- https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities
- http://seclists.org/fulldisclosure/2018/Oct/11
- https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
References
- https://www.exploit-db.com/exploits/45533/
- https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities
- http://seclists.org/fulldisclosure/2018/Oct/11
- https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.