D-Link Central WiFiManager FTP Server Default Credentials Remote PHP File Upload Vulnerability Exploit

D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows to unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution.
CVE Link
CVE-2018-17440
Exploit Type - Old
Exploits/Remote File Inclusion/Known Vulnerabilities
Exploit Platform
Windows
Exploit Type
Exploits
Remote File Inclusion
Known Vulnerabilities
Product Name
Impact