Vulnerability CVE-2019-13373


Published: 2019-07-06   Modified: 2019-07-07

Description:
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Dlink -> Central wifimanager 

 References:
https://github.com/unh3x/unh3x.github.io/blob/master/_posts/2019-02-21-D-link-(CWM-100)-Multiple-Vulnerabilities.md
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117
https://unh3x.github.io/2019/02/21/D-link-(CWM-100)-Multiple-Vulnerabilities/

Copyright 2024, cxsecurity.com

 

Back to Top