CVE-2019-13372

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
Configurations

Configuration 1

cpe:2.3:a:dlink:central_wifimanager:*:*:*:*:*:*:*:*

Information

Published : 2019-07-06 11:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-13372

Mitre link : CVE-2019-13372

Products Affected