D-Link.Central.WiFi.Manager.CWM.dbSQL.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in D-Link Central WiFi Manager CWM.
The vulnerability is due to lack of validation on a user supplied parameter potentially leading to SQL injection. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation could result in the code execution under the security context of the database process.
Affected Products
D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |