D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery

Posted by deepcore on November 10, 2018 – 8:16 pm

Using a web browser or script server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK’s MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« D-LINK Central WifiManager (CWM 100) 1.03 r0098 DLL Hijacking D-LINK Central WifiManager (CWM 100) 1.03 r0098 Man-In-The-Middle »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL