SB2018100805 - Multiple vulnerabilities in D-Link Central WiFi Manager

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018100805

SB2018100805 - Multiple vulnerabilities in D-Link Central WiFi Manager

Published: October 8, 2018

Security Bulletin ID SB2018100805
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Unrestricted upload of file with dangerous type (CVE-ID: CVE-2018-17440)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the web app includes an FTP server running on port 9000 with the default credentials admin/admin. A remote attacker can establish a connection to the server and upload a specially crafted PHP file to execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Unrestricted upload of file with dangerous type (CVE-ID: CVE-2018-17442)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to unrestricted file upload of file with dangerous type when the .rar is uploaded is stored in the path '\web\captivalportal' in a folder with a timestamp created by the PHP time() function. A remote attacker can upload RAR archives, abuse the functionality to upload archives that include a PHP file  and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Cross-site scripting (CVE-ID: CVE-2018-17443)

The disclosed vulnerability allows a remote attacker to perform reflected cross-site scripting (XSS) attacks.

The vulnerability exists in the "UpdateSite" in the sitename parameter due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


4) Cross-site scripting (CVE-ID: CVE-2018-17441)

The disclosed vulnerability allows a remote attacker to perform reflected cross-site scripting (XSS) attacks.

The vulnerability exists in the "addUser" in the username parameter due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


Remediation

Install update from vendor's website.

References