PT-2018-2076 · D Link · D-Link Central Wifi Manager

Julian Muñoz · Published 2018-06-04 · Updated 2023-04-26 · CVE-2018-17440

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
D-Link Central WiFi Manager versions prior to 1.03r0100-Beta1

Description:
The issue is related to the use of hardcoded credentials for the FTP service, which runs on port 9000. This allows a remote attacker to execute arbitrary PHP code by uploading a file to the web root directory and then accessing it. The hardcoded credentials used are admin for both the username and password.

Recommendations:
For versions prior to 1.03r0100-Beta1, update to version 1.03r0100-Beta1 or later to resolve the issue. As a temporary workaround, consider changing the default FTP credentials and restricting access to the FTP server on port 9000 to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related identifiers

BDU:2019-00026
CVE-2018-17440

Affected products

D-Link Central Wifi Manager