CVE-2018-15516

CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

5.8MEDIUM

EPSS

2.4%

top 14.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Central Wifimanager

Timeline

PublishedJan 31

Latest updateMay 14

Description

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.3 | Impact: 4.0

Affected Packages1 packages

▶NVDdlink/central_wifimanager1.03

🔴Vulnerability Details

GHSA

GHSA-h6pf-c244-8chr: The FTP service on D-Link Central WiFiManager CWM-100 1↗2022-05-14

▶

CVEList

CVE-2018-15516: The FTP service on D-Link Central WiFiManager CWM-100 1↗2019-01-31

▶