← back
CVE-2018-17440

CVE-2018-17440

35Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendepss 37%
from disclosure to weapon0 days
Published on NVDOct 8
1st PoCOct 5
exploitation probability
37%top 2% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.