SQL Injection Vulnerability in D-Link Central WiFi Manager
CVE-2019-13375

9.8 CRITICAL

Key Information:

Vendor: D-Link
CVE Published: 6 July 2019

Summary

A SQL injection vulnerability has been identified in D-Link Central WiFi Manager (CWM(100)), specifically in PayAction.class.php, reachable via the index.php/Pay/passcodeAuth parameter. The flaw allows an attacker to manipulate the SQL queries sent to the database, which can lead to unauthorized data exposure or alteration. No authentication is required, so the vulnerability is exploitable over the network by an attacker with no privileges.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
