CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-17440

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile30.80th
Published2018年10月8日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.

Affected Platforms (CPE)

📦
Dlink

Central Wifimanager

>= 1.00 and < 1.03

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Oct/11
🔗 https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
🔗 https://www.exploit-db.com/exploits/45533/
🔗 https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities
🔗 http://seclists.org/fulldisclosure/2018/Oct/11
🔗 https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
🔗 https://www.exploit-db.com/exploits/45533/
🔗 https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities

相关漏洞威胁

CVE-2018-155178.6

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP serv...

CVE-2018-155157.8

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from th...

CVE-2018-155165.8

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...