CVE-2019-13372

CRITICAL EXPLOITED IN THE WILD NUCLEI

D-Link Central WiFi Manager < 1.03 - Unauthenticated Remote Code Execution via Cookie Injection

Title source: llm

Exploitation Summary

CVE-2019-13372 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including M3@ZionLab from DBAppSecurity, including a Metasploit module exploits/windows/http/dlink_central_wifimanager_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) by injecting malicious PHP code via the username cookie, which is passed unsanitized to eval(). It achieves remote code execution (RCE) on vulnerable versions.

Description

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.

Exploits (1)

metasploit WORKING POC EXCELLENT

by M3@ZionLab from DBAppSecurity · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dlink_central_wifimanager_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) by injecting malicious PHP code via the username cookie, which is passed unsanitized to eval(). It achieves remote code execution (RCE) on vulnerable versions.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link Central WiFi Manager CWM(100) < v1.03R0100_BETA6

No auth needed

Prerequisites: Network access to the target · Target running vulnerable D-Link Central WiFi Manager

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDK

Shodan: html:"D-Link Central WiFiManager"

References (4)

Core 4

Core References

Various Sources x_refsource_misc

https://unh3x.github.io/2019/02/21/D-link-%28CWM-100%29-Multiple-Vulnerabilities/

Various Sources x_refsource_misc

https://github.com/unh3x/unh3x.github.io/blob/master/_posts/2019-02-21-D-link-%28CWM-100%29-Multiple-Vulnerabilities.md

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_confirm

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/158904/D-Link-Central-WiFi-Manager-CWM-100-Remote-Code-Execution.html

Scores

CVSS v3 9.8

EPSS 0.8068

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-04-12

InTheWild.io 2021-04-12

CWE

CWE-287 CWE-94

Status published

Products (1)

dlink/central_wifimanager < 1.03

Published Jul 06, 2019

Tracked Since Feb 18, 2026