Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-17441

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

39.1%

top 2.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dlink Central Wifimanager

Timeline

PublishedOct 8

Latest updateMay 14

Description

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDdlink/central_wifimanager1.00 — 1.03

Patches

Patch: securityadvisories.dlink.com ↗Patch: securityadvisories.dlink.com ↗

🔴Vulnerability Details

GHSA

GHSA-hq86-cqgq-p75f: An issue was discovered on D-Link Central WiFi Manager before v 1↗2022-05-14

▶

CVEList

CVE-2018-17441: An issue was discovered on D-Link Central WiFi Manager before v 1↗2018-10-08

▶

💥Exploits & PoCs

Exploit-DB

D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities↗2018-10-05

▶