CVE-2018-17442

Опубликовано: 08 окт. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.

Ссылки

http://seclists.org/fulldisclosure/2018/Oct/11
Exploit
Mailing List
Third Party Advisory
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/45533/
Exploit
Third Party Advisory
VDB Entry
https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2018/Oct/11
Exploit
Mailing List
Third Party Advisory
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/45533/
Exploit
Third Party Advisory
VDB Entry
https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dlink:central_wifimanager:*:*:*:*:*:*:*:*

Версия от 1.00 (включая) до 1.03 (исключая)

EPSS

Процентиль: 91%

0.07008

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-w7m4-2jq4-rrh5

CVSS3: 8.8

github

больше 3 лет назад

BDU:2019-00024

CVSS3: 8.8

fstec

больше 7 лет назад

Уязвимость компонента onUploadLogPic программного контроллера для централизованного управления беспроводными сетями D-Link Central WiFi Manager, позволяющая нарушителю внедрить произвольный html-код

EPSS

Процентиль: 91%

0.07008

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434