D Link Central Wifimanager
By the Year
In 2024 there have been 0 vulnerabilities in D Link Central Wifimanager . Central Wifimanager did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 7.20 |
| 2018 | 4 | 7.70 |
It may take a day or so for new Central Wifimanager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent D Link Central Wifimanager Security Vulnerabilities
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices
CVE-2018-15516
5.8 - Medium
- January 31, 2019
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
XSPA
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually
CVE-2018-15517
8.6 - High
- January 31, 2019
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.
XSPA
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17440
9.8 - Critical
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
Unrestricted File Upload
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17441
6.1 - Medium
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17442
8.8 - High
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
Unrestricted File Upload
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17443
6.1 - Medium
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dlink Central Wifimanager or by D Link? Click the Watch button to subscribe.
