Dlink Central Wifimanager
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Dlink Central Wifimanager.
By the Year
In 2025 there have been 0 vulnerabilities in Dlink Central Wifimanager. Central Wifimanager did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 4 | 8.00 |
2018 | 4 | 7.70 |
It may take a day or so for new Central Wifimanager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dlink Central Wifimanager Security Vulnerabilities
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6
CVE-2019-13372
9.8 - Critical
- July 06, 2019
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
authentification
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which
CVE-2018-15515
7.8 - High
- January 31, 2019
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually
CVE-2018-15517
8.6 - High
- January 31, 2019
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.
SSRF
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices
CVE-2018-15516
5.8 - Medium
- January 31, 2019
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
SSRF
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17443
6.1 - Medium
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17442
8.8 - High
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
Unrestricted File Upload
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17441
6.1 - Medium
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1
CVE-2018-17440
9.8 - Critical
- October 08, 2018
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
Unrestricted File Upload
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Dlink Central Wifimanager or by Dlink? Click the Watch button to subscribe.