Privilege Escalation Vulnerability in D-Link Central WiFiManager
CVE-2018-15515
7.8HIGH
What is CVE-2018-15515?
The CaptivePortal service in D-Link Central WiFiManager CWM-100 1.03 r0098 is susceptible to a security flaw that allows unprivileged local users to exploit the CaptivePortal.exe component. By loading a rogue DLL named 'quserex.dll' from the CaptivePortal.exe subdirectory, these users can escalate their privileges to SYSTEM level, potentially compromising the device's security and integrity.