Commit Graph

3 Commits (3d6a079b4237687ef71794802272f3893a33fc27)

Author SHA1 Message Date
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
Prince Chaddha 0b3a307294
Update CVE-2018-15517.yaml 2021-08-04 13:44:42 +05:30
GwanYeong Kim 812d4faca2 Create CVE-2018-15517.yaml
Using a web browser or script SSRF can be initiated against internal/external systems to conduct port scans by leveraging D LINKs MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:25:54 +09:00