PT-2018-2190 · D-Link · D-Link Central WiFiManager CWM-100

Hyp3Rlinx +1 · Published 2018-08-08 · Updated 2019-10-03 · CVE-2018-15515

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link Central WiFiManager CWM-100 version 1.03 r0098

Description

The issue is in the CaptivelPortal service, which will load a Trojan horse quserex.dll from the CaptivelPortal.exe subdirectory. This allows unprivileged local users to gain SYSTEM privileges. The flaw lies in how the quserex.dll library is loaded, and it can be exploited to execute arbitrary code using a specially crafted file.

Recommendations

For D-Link Central WiFiManager CWM-100 version 1.03 r0098, consider disabling the CaptivelPortal service as a temporary workaround until a patch is available. Restrict access to the quserex.dll library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
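
A host audit for the two recommendations above, as an added example that is not part of the original advisory or any D-Link tooling: it reports every quserex.dll under the service directory and every folder there that a non-administrative principal can write to. Assumptions: the service is found by matching "CaptivelPortal.exe" in its image path, and SYSTEM, Administrators and TrustedInstaller are the only principals treated as trusted.

```powershell
# Added example (not D-Link code). Run from an elevated PowerShell 3.0+ prompt.
# Assumption: the service is located by "CaptivelPortal.exe" in its image path.
$dllName   = 'quserex.dll'
# Rights that allow planting or replacing a file (generic-rights ACEs are not decoded).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, ChangePermissions, TakeOwnership'
# Trusted principals by SID: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
$trusted   = 'S-1-5-18', 'S-1-5-32-544',
             'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$sidType   = [System.Security.Principal.SecurityIdentifier]

$services = @(Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like '*CaptivelPortal.exe*' })
if ($services.Count -eq 0) { 'No service with CaptivelPortal.exe in its image path.' }

foreach ($svc in $services) {
    # PathName may be quoted and carry arguments; keep only the executable path.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        $dir = Split-Path -Parent $Matches[1]
    } else { continue }
    'Service {0}: state={1} start={2} account={3}' -f $svc.Name, $svc.State, $svc.StartMode, $svc.StartName

    # 1. Every copy of the DLL under the service directory, with signature and hash for review.
    Get-ChildItem -LiteralPath $dir -Filter $dllName -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            'DLL {0} signature={1} sha256={2} modified={3:u}' -f $_.FullName,
                (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status,
                (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash, $_.LastWriteTime
        }

    # 2. Folders where a principal outside $trusted could create or replace the DLL.
    $folders = @(Get-Item -LiteralPath $dir) +
               @(Get-ChildItem -LiteralPath $dir -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($f in $folders) {
        (Get-Acl -LiteralPath $f.FullName).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.PropagationFlags -notmatch 'InheritOnly' -and
                (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
                $_.IdentityReference.Value -notin $trusted
            } |
            ForEach-Object { 'WRITABLE {0} by {1} ({2})' -f $f.FullName, $_.IdentityReference.Value, $_.FileSystemRights }
    }

    # Temporary workaround from the Recommendations section, left commented for review:
    # Stop-Service -Name $svc.Name
    # Set-Service  -Name $svc.Name -StartupType Disabled
}
```

Any WRITABLE line, or a quserex.dll with an unexpected signature status or modification time, is a lead to investigate before re-enabling the service.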

Exploit

Weakness Enumeration

Related Identifiers

BDU:2019-00168
CVE-2018-15515

Affected Products

D-Link Central WiFiManager CWM-100