Home / os / winnt

D-Link Central WiFi Manager CWM(100) Remote Code Execution

Posted on 18 August 2020

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.

 

TOP

Malware :

Exploits :