Cross-Site Scripting Vulnerability in D-Link Central WiFi Manager
CVE-2019-13374

6.1MEDIUM

Key Information:

Vendor

D-Link
Status
Central Wifimanager
Vendor
CVE Published:
6 July 2019

What is CVE-2019-13374?

A cross-site scripting vulnerability exists in the resource view component of the D-Link Central WiFi Manager. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML through the passcode parameter in the index.php/Pay/passcodeAuth request. Unpatched installations prior to version 1.03R0100_BETA6 are particularly at risk, making it essential for users to apply the available updates to mitigate potential attacks.

References

https://unh3x.github.io/2019/02/21/D-link-%28CWM-100%29-M...
x_refsource_MISC
https://github.com/unh3x/unh3x.github.io/blob/master/_pos...
x_refsource_MISC
https://supportannouncement.us.dlink.com/announcement/pub...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.