module
D-Link Central WiFi Manager CWM(100) RCE
| Disclosed |
|---|
| Jul 9, 2019 |
Disclosed
Jul 9, 2019
Description
This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100)
versions below `v1.03R0100_BETA6`. The vulnerability exists in the
username cookie, which is passed to `eval()` without being sanitized.
Dangerous functions are not disabled by default, which makes it possible
to get code execution on the target.
versions below `v1.03R0100_BETA6`. The vulnerability exists in the
username cookie, which is passed to `eval()` without being sanitized.
Dangerous functions are not disabled by default, which makes it possible
to get code execution on the target.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.