module
D-Link Central WiFi Manager CWM(100) RCE
| Disclosed |
|---|
| Jul 9, 2019 |
Disclosed
Jul 9, 2019
Description
This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100)
versions below `v1.03R0100_BETA6`. The vulnerability exists in the
username cookie, which is passed to `eval()` without being sanitized.
Dangerous functions are not disabled by default, which makes it possible
to get code execution on the target.
versions below `v1.03R0100_BETA6`. The vulnerability exists in the
username cookie, which is passed to `eval()` without being sanitized.
Dangerous functions are not disabled by default, which makes it possible
to get code execution on the target.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.