PT-2018-2074 · D-Link · D-Link Central Wifi Manager
Julian Muñoz · Published 2018-06-04 · Updated 2023-04-26 · CVE-2018-17442
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link Central WiFi Manager versions prior to 1.03r0100-Beta1
Description
An unrestricted file upload vulnerability in the "onUploadLogPic" endpoint allows remote authenticated users to execute arbitrary PHP code. This vulnerability can be exploited by a remote attacker to inject arbitrary HTML code.
Recommendations
For versions prior to 1.03r0100-Beta1, update to version 1.03r0100-Beta1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "onUploadLogPic" endpoint until a patch is available.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Central Wifi Manager