'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: D-Link_Central_WiFi_Manager_CWM(100)_rce_vul(Rule ID:1070210133)

Release Date2025/9/15

Rule NameCVE-2019-13372: D-Link Central WiFi Manager CWM(100) Remote Code Execution Vulnerability

Severity:critical

CVE IDCVE-2019-13372

 

Descripiton

D-Link Central WiFi Manager CWM-100 is a web-based wireless access point management tool developed by D-Link in Taiwan. The /web/Lib/Action/IndexAction.class.php file in the version before D-Link Central WiFi Manager CWM-100 1.03R0100_BETA6 has an authorization issue vulnerability. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.