Support Announcement
Central WiFi Manager (CWM-100) :: Multiple vulnerabilities disclosed - Fix released

On October 4, 2018, it was disclosed that D-Link's Central WiFi Manager software (described here) was found to contain multiple security vulnerabilities.


D-Link® Central WiFiManager software controller helps network administrators streamline their wireless access point (AP) management workflow. Central WiFi Manager is an innovative approach to the more traditional hardware-based multiple access point management system. It uses a centralized server to both remotely manage and monitor wireless APs on a network. Whether deployed on a local computer or hosted on a public cloud service, Central WiFi Manager can be easily integrated into existing networks in conjunction with supporting D-Link wireless APs, to help eliminate existing bottlenecks for wireless traffic.


Report Accreditation:


These vulnerabilities were discovered and researched by Julian Muñoz from Core Security Consulting Services.

The publication of the advisory was coordinated by Leandro Cuozzo from Core Advisories Team.


Disclosure Report:


Disclosure available:  https://www.coresecurity.com/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities


  • 7.1. Unauthenticated Remote Code Execution by Unrestricted Upload of File with Dangerous Type [CVE-2018-17440]
  • 7.2. Authenticated Remote Code Execution by Unrestricted Upload of File with Dangerous Type [CVE-2018-17442]
  • 7.3. Cross-Site Scripting in the application site name parameter [CVE-2018-17443]
  • 7.4. Cross-Site Scripting in the creation of a new user [CVE-2018-17441]


Affected Products:


This disclosure directly affects the software package, and current installations should be updated with the new release available for download below. Failure to update may put this software package, the host computer it runs on, and the D-Link devices that it manages at risk.




| Affected Product | Affected Version | Corrected Version | Last Updated |
|---|---|---|---|
| CWM-100 :: D-Link Central WiFi Manager | Ver. 1.03 for Windows | Ver. 1.03R0100- Beta1 | 10/04/2017 |


Security Patches


These updates address the security vulnerabilities in the affected D-Link software package. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.


To update, we recommend saving your configuration, uninstalling the old package, then installing the new update. Further assistance can be found via chat or email at http://support.dlink.com