Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

D-Link Patches Code Execution, XSS Flaws in Management Tool

D-Link has released patches for several remote code execution and cross-site scripting (XSS) vulnerabilities found by researchers in the company’s Central WiFiManager access point management tool.

D-Link has released patches for several remote code execution and cross-site scripting (XSS) vulnerabilities found by researchers in the company’s Central WiFiManager access point management tool.

Central WiFiManager allows organizations to create and manage multi-site and multi-tenancy wireless networks. The software can be deployed both locally and in the cloud.

Researchers at SecureAuth + CoreSecurity discovered that version 1.03 – and possibly others – of Central WiFiManager for Windows is affected by four potentially serious vulnerabilities that can be exploited for arbitrary code execution.

The most severe of the security holes, CVE-2018-17440, is related to the fact that the web app includes an FTP server running on port 9000 with the default credentials admin/admin. An attacker can use it to establish a connection to the server and upload a specially crafted PHP file. Requesting this file can lead to arbitrary code execution.

Another code execution vulnerability discovered by researchers is CVE-2018-17442, which also involves uploading arbitrary files. The tool allows users to upload RAR archives and experts noticed that they can abuse the functionality to upload archives that include a PHP file whose content will be executed in the context of the web application. However, SecureAuth + CoreSecurity noted in its advisory that authentication is required for exploitation.

“When the .rar is uploaded is stored in the path ‘webcaptivalportal’ in a folder with a timestamp created by the PHP time() function. In order to know what is the web server’s time we request an information file that contains the time we are looking for. After we have the server’s time we upload the .rar, calculate the proper epoch and request the appropriate path increasing this epoch by one until we hit the correct one,” the security firm said in its advisory.

Experts also discovered two stored XSS flaws in the “UpdateSite” (CVE-2018-17443) and “addUser” (CVE-2018-17441) functionality, specifically the sitename and username parameters, respectively.

The vulnerabilities were reported to D-Link in early June and they were patched recently with the release of version 1.03R0100-Beta1.

Advertisement. Scroll to continue reading.

“This disclosure directly affects the software package and current installations should be update with the new released available to download below. Failure to update may put this software package, the host computer it runs on, and D-Link devices that it manages at risk,” D-Link said in its own advisory.

Related: Hackers Using Stolen D-Link Certificates for Malware Signing

Related: Serious Vulnerability Affects Over 120 D-Link Products

Related: D-Link Patches Recently Disclosed Router Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.