PT-2018-2192 · D-Link · D-Link Central WiFiManager CWM-100

Hyp3Rlinx +1 · Published 2018-08-09 · Updated 2023-04-26 · CVE-2018-15516

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: D-Link Central WiFiManager CWM-100 version 1.03 r0098

Description: The issue is related to the FTP service, which allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in a Server-Side Request Forgery (SSRF) attack. This can also lead to network port scanning and potentially enable a man-in-the-middle attack. The vulnerability is associated with incorrect security requirements of the FTP Server component.

Recommendations: For D-Link Central WiFiManager CWM-100 version 1.03 r0098, consider disabling the FTP service until a patch is available to prevent exploitation. Restrict access to port 8000 to minimize the risk of SSRF attacks.
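
Where the FTP service cannot be disabled right away, its command log can be checked for bounce attempts. The following is an added example, not part of the advisory or of D-Link's software: it flags PORT commands whose data address differs from the control-connection peer or whose data port is below 1024 (the checks suggested in RFC 2577). The log layout, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(command):
    """Return (ip, port) from an FTP PORT command, or None if not a valid PORT."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    octets = [int(x) for x in m.group(1).split(",")]
    if any(o > 255 for o in octets):
        return None
    ip = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    return ip, octets[4] * 256 + octets[5]


def bounce_findings(peer_ip, command):
    """Reasons a PORT command looks like a bounce attempt (empty list = fine)."""
    parsed = parse_port(command)
    if parsed is None:
        return []
    ip, port = parsed
    reasons = []
    if ip != ipaddress.IPv4Address(peer_ip):
        reasons.append(f"data address {ip} differs from control peer {peer_ip}")
    if port < 1024:
        reasons.append(f"data port {port} is a privileged port")
    return reasons


# Constructed sample: (control-connection peer, FTP command as logged).
SAMPLE_LOG = [
    ("203.0.113.7", "USER admin"),
    ("203.0.113.7", "PORT 203,0,113,7,195,80"),  # client's own address, port 50000
    ("203.0.113.7", "PORT 10,0,0,5,0,22"),       # third-party host, port 22
    ("203.0.113.7", "PORT 203,0,113,7,0,80"),    # own address, privileged port
]


def scan(log):
    """Return (peer, command, reasons) for every suspicious PORT command."""
    return [(p, c, r) for p, c in log if (r := bounce_findings(p, c))]


if __name__ == "__main__":
    for peer, cmd, reasons in scan(SAMPLE_LOG):
        print(f"{peer} {cmd!r}: {'; '.join(reasons)}")
```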

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2019-00170
CVE-2018-15516

Affected Products

D-Link Central WiFiManager CWM-100