CVE-2018-15516

Published: Jan 31, 2019Modified: Nov 21, 2024

5.8

Vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 1.3 / Impact: 4.0

Source: NVD

Description

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

Affected (1)

Products: Dlink: Central Wifimanager

Dlink

1 product

Central Wifimanager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dlink Central Wifimanager	Version 1.03 r0098

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

http://packetstormsecurity.com/files/150242/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Man-In-The-Middle.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Nov/27

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://vimeo.com/299797225

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/150242/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-Man-In-The-Middle.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Nov/27

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://vimeo.com/299797225

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.