D-Link Central WiFiManager FTP Server Default Credentials Remote PHP File Upload Vulnerability Exploit

D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows to unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution.
Platform: 
Vulnerabilty ID: 
CVE-2018-17440
Released Date: 
Wednesday, October 3, 2018 - 19:00