CyberSec.Space Logo
Back to CVE Browser

CVE-2018-15515

HIGH
7.8
CVSS Severity Score
EPSS Score0.0250%
EPSS Percentile17.46th
PublishedJan 31, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.

Affected Platforms (CPE)

πŸ“¦
Dlink

Central Wifimanager

= 1.03_r0098

References & Advisories

πŸ”— http://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html
πŸ”— http://seclists.org/fulldisclosure/2018/Nov/29
πŸ”— http://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html
πŸ”— http://seclists.org/fulldisclosure/2018/Nov/29

Related Vulnerabilities

CVE-2018-155178.6

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP serv...

CVE-2018-155165.8

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce ...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...