PT-2019-4026 · Tp Link · Tp-Link M7350

Publicado

2019-10-24

Atualizado

2019-10-28

CVE-2019-13650

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TP-Link M7350 versions through 1.0.16 Build 181220 Rel.1116n

Description The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This can allow a remote attacker to execute arbitrary commands.

Recommendations For versions through 1.0.16 Build 181220 Rel.1116n, consider restricting access to the internal port to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2019-04587

CVE-2019-13650

Produtos afetados

Tp-Link M7350

PT-2019-4026 · Tp Link · Tp-Link M7350

CVE-2019-13650

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5