Full title: D-Link Central WiFi Manager CWM(100) Remote Code Execution Exploit 
Category: remote exploits
Platform: hardware
This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.

# 0day.today @ http://0day.today/