CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-15517

HIGH
8.6
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile1.11th
Published2019年1月31日
Last Modified2024年11月21日

Vulnerability Description

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.

Affected Platforms (CPE)

📦
Dlink

Central Wifimanager

= 1.03

References & Advisories

🔗 http://packetstormsecurity.com/files/150243/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Server-Side-Request-Forgery.html
🔗 http://seclists.org/fulldisclosure/2018/Nov/28
🔗 http://packetstormsecurity.com/files/150243/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Server-Side-Request-Forgery.html
🔗 http://seclists.org/fulldisclosure/2018/Nov/28

関連する脆弱性情報

CVE-2018-155157.8

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from th...

CVE-2018-155165.8

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...