PT-2019-4027 · Tp Link · Tp-Link M7350

Publicado

2019-10-24

Atualizado

2019-10-28

CVE-2019-13653

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n

Description The issue exists due to the lack of neutralization of special elements used in the operating system command in the Port Triggering function of the TP-Link M7350 router's firmware. Exploitation of this issue may allow a remote attacker to execute arbitrary commands.

Recommendations For TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n, consider disabling the Port Triggering function as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2019-04588

CVE-2019-13653

Produtos afetados

Tp-Link M7350

PT-2019-4027 · Tp Link · Tp-Link M7350

CVE-2019-13653

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5