D-Link.Central.WiFi.Manager.CWM.dbSQL.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit an SQL Injection Vulnerability in D-Link Central WiFi Manager CWM.
The vulnerability is due to lack of validation on a user supplied parameter potentially leading to SQL injection. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in the code execution under the security context of the database process.

affected-products-logoAffected Products

D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-10-07 16.939 Default_action:pass:drop
2020-09-29 16.933