CyberSec.Space Logo
Back to CVE Browser

CVE-2018-17440

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile30.80th
PublishedOct 8, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.

Affected Platforms (CPE)

πŸ“¦
Dlink

Central Wifimanager

>= 1.00 and < 1.03

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2018/Oct/11
πŸ”— https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
πŸ”— https://www.exploit-db.com/exploits/45533/
πŸ”— https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities
πŸ”— http://seclists.org/fulldisclosure/2018/Oct/11
πŸ”— https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
πŸ”— https://www.exploit-db.com/exploits/45533/
πŸ”— https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities

Related Vulnerabilities

CVE-2018-155178.6

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP serv...

CVE-2018-155157.8

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from th...

CVE-2018-155165.8

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...