CVE-2019-13373
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
06/07/2019
Last modified:
17/06/2026
Description
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dlink:central_wifimanager:1.03:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/unh3x/unh3x.github.io/blob/master/_posts/2019-02-21-D-link-%28CWM-100%29-Multiple-Vulnerabilities.md
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117
- https://unh3x.github.io/2019/02/21/D-link-%28CWM-100%29-Multiple-Vulnerabilities/
- https://github.com/unh3x/unh3x.github.io/blob/master/_posts/2019-02-21-D-link-%28CWM-100%29-Multiple-Vulnerabilities.md
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117
- https://unh3x.github.io/2019/02/21/D-link-%28CWM-100%29-Multiple-Vulnerabilities/



