PT-2018-2074 · D Link · D-Link Central Wifi Manager

Julian Muñoz · Published 2018-06-04 · Updated 2023-04-26 · CVE-2018-17442

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
D-Link Central WiFi Manager versions prior to 1.03r0100-Beta1

Description
The issue is related to an unrestricted file upload vulnerability in the "onUploadLogPic" endpoint, which allows remote authenticated users to execute arbitrary PHP code. This vulnerability can be exploited by a remote attacker to inject arbitrary HTML code.

Recommendations
For versions prior to 1.03r0100-Beta1, update to version 1.03r0100-Beta1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "onUploadLogPic" endpoint until a patch is available.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2019-00024
CVE-2018-17442

Affected Products

D-Link Central Wifi Manager