← back
CVE-2018-17440

CVE-2018-17440

EPSS 36.9%
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45533/unverifiedexploitdbwww.exploit-db.com/exploits/45533unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2018/Oct/11https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092https://www.exploit-db.com/exploits/45533/https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities