Vulnerability Details CVE-2018-15515
The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html
- http://seclists.org/fulldisclosure/2018/Nov/29
- http://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html
- http://seclists.org/fulldisclosure/2018/Nov/29
Products affected by CVE-2018-15515
-
cpe:2.3:a:dlink:central_wifimanager:1.03_r0098