CaptivePortal Service Trojan Horse Vulnerability in D-Link Central WiFiManager CWM-100 1.03 r0098 Devices

CaptivePortal Service Trojan Horse Vulnerability in D-Link Central WiFiManager CWM-100 1.03 r0098 Devices

CVE-2018-15515 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges.

Learn more about our User Device Pen Test.