cpe:/a:dlink:central_wifimanager:1.03 CVE-2019-13372 2019-07-06T19:15:10.310-04:00 2019-07-12T11:57:40.703-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-07-08T14:07:28.613-04:00 MISC https://github.com/unh3x/unh3x.github.io/blob/master/_posts/2019-02-21-D-link-(CWM-100)-Multiple-Vulnerabilities.md CONFIRM https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10117 MISC https://unh3x.github.io/2019/02/21/D-link-(CWM-100)-Multiple-Vulnerabilities/ /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.