CVE-2018-15515 - The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Troj

CVE-2018-15515

Summary

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.

References

Vulnerable Configurations

cpe:2.3:a:dlink:central_wifimanager:1.03_r0098:*:*:*:*:*:*:*
cpe:2.3:a:dlink:central_wifimanager:1.03_r0098:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

fulldisc	20181109 CVE-2018-15515 / D-LINK Central WifiManager CWM-100 / Trojan File SYSTEM Privilege Escalation
misc	http://packetstormsecurity.com/files/150244/D-LINK-Central-WifiManager-CWM-100-1.03-r0098-DLL-Hijacking.html

Last major update

03-10-2019 - 00:03

Published

31-01-2019 - 19:29

Last modified

03-10-2019 - 00:03