Skip to main content

Central Wifimanager

8 CVEs product

Monthly

CVE-2019-13375 CRITICAL PATCH Act Now

A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
9.8
EPSS
28.2%
CVE-2019-13374 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
6.1
EPSS
2.4%
CVE-2019-13373 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
9.8
EPSS
68.0%
CVE-2019-13372 CRITICAL POC THREAT Emergency

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP D-Link RCE Central Wifimanager
NVD GitHub
CVSS 3.1
9.8
EPSS
80.7%
CVE-2018-17443 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-17442 HIGH POC PATCH THREAT This Week

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
14.2%
CVE-2018-17441 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-17440 CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP Central Wifimanager
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.9%
EPSS 28% CVSS 9.8
CRITICAL PATCH Act Now

A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi D-Link PHP +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS D-Link PHP +1
NVD GitHub
EPSS 68% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi D-Link PHP +1
NVD GitHub
EPSS 81% CVSS 9.8
CRITICAL POC THREAT Emergency

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP D-Link +2
NVD GitHub
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
EPSS 14% CVSS 8.8
HIGH POC PATCH THREAT This Week

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload D-Link PHP +1
NVD Exploit-DB
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
EPSS 37% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload D-Link PHP +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy