CVE-2018-15517: SSRF
First published: Thu Jan 31 2019(Updated: )
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Central Wifimanager | =1.03-r0098 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15517?
CVE-2018-15517 is a vulnerability in D-Link Central WiFiManager CWM-100 1.03 r0098 devices that allows outbound TCP to any port on any IP address, leading to Server-Side Request Forgery (SSRF).
How severe is CVE-2018-15517?
CVE-2018-15517 has a severity score of 8.6 out of 10, indicating a high severity.
What is the affected software for CVE-2018-15517?
The affected software for CVE-2018-15517 is D-Link Central WiFiManager CWM-100 version 1.03 r0098.
How can the SSRF vulnerability in CVE-2018-15517 be exploited?
The SSRF vulnerability in CVE-2018-15517 can be exploited by sending a specially crafted URI to the MailConnect feature, allowing outbound TCP connections to any port on any IP address.
Are there any known fixes for CVE-2018-15517?
At the time of writing, there are no known fixes for CVE-2018-15517. It is recommended to follow any security advisories or updates provided by the vendor.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dlink
- canonical/dlink central wifimanager
- version/dlink central wifimanager/1.03-r0098