Vulnerabilities (CVE)

Filtered by vendor Dlink Subscribe

Filtered by product Central Wifimanager

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-13372	1 Dlink	1 Central Wifimanager	2020-08-24	7.5 HIGH	9.8 CRITICAL
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
CVE-2019-13375	2 Dlink, Microsoft	2 Central Wifimanager, Windows	2019-07-09	7.5 HIGH	9.8 CRITICAL
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.
CVE-2019-13373	2 Dlink, Microsoft	2 Central Wifimanager, Windows	2019-07-09	7.5 HIGH	9.8 CRITICAL
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.