Intrusion Prevention

D-Link.Central.WiFi.Manager.CWM.dbSQL.SQL.Injection

Description

This indicates an attack attempt to exploit an SQL Injection Vulnerability in D-Link Central WiFi Manager CWM.
The vulnerability is due to lack of validation on a user supplied parameter potentially leading to SQL injection. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in the code execution under the security context of the database process.

Affected Products

D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6

Impact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117

CVE References

CVE-2019-13373