CVE-2018-17440

Severity CVSS v4.0:
Pending analysis
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
08/10/2018
Last modified:
26/04/2023

Description

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The product exposes an FTP server that listens on port 9000 by default and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file to the web root directory and then accessing it via a request.

Vulnerable products and versions

CPE:
cpe:2.3:a:dlink:central_wifimanager:*:*:*:*:*:*:*:*
From:
1.00 (including)
Up to:
1.03 (excluding)