Vulnerability feed

Vulnerability

CVE-2019-13372

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2019-13372
Description:: /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
Last updated date:: 02/28/2023

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 04/12/2021
Reference url to background: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/27/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dlink_central_wifimanager_rce.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/28/2023
Reference url to background: http://packetstormsecurity.com/files/158904/D-Link-Central-WiFi-Manager-CWM-100-Remote-Code-Execution.html

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |