D-Link fixed several flaws in Central WiFiManager access point management tool

[Oct 08, 2018]

D-Link addresses several remote code execution and XSS vulnerabilities affecting the Central WiFiManager access point management tool.

The D-Link Central WiFiManager software controller helps network administrators streamline their wireless access point (AP) management workflow. It uses a centralized server to allow remote management and monitoring of wireless APs on a network.

The software can be deployed both locally and in the cloud.

The flaws are related to:

– The presence of default credentials (admin/admin) in the FTP server running on port 9000 of the web app.

– Authenticated Remote Code Execution by Unrestricted Upload of File with Dangerous Type.

– Two stored XSS flaws in the “UpdateSite” and “addUser” functionality, specifically the sitename and username parameters, respectively.

 

Cyber Security Tips:

  • D-Link addressed these vulnerabilities in version 1.03R0100-Beta1. IT staff are strongly advised to upgrade their systems.

 
