Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-17442

CWE-434 — Unrestricted File Upload4 documents4 sources

Severity

8.8HIGH

EPSS

7.0%

top 8.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dlink Central Wifimanager

Timeline

PublishedOct 8

Latest updateMay 14

Description

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDdlink/central_wifimanager1.00 — 1.03

Patches

Patch: securityadvisories.dlink.com ↗Patch: securityadvisories.dlink.com ↗

🔴Vulnerability Details

GHSA

GHSA-w7m4-2jq4-rrh5: An issue was discovered on D-Link Central WiFi Manager before v 1↗2022-05-14

▶

CVEList

CVE-2018-17442: An issue was discovered on D-Link Central WiFi Manager before v 1↗2018-10-08

▶

💥Exploits & PoCs

Exploit-DB

D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities↗2018-10-05

▶