CVE-2019-13652

Name of the Vulnerable Software and Affected Versions TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n

Description The issue is related to OS Command Injection in the Service Name parameter of the TP-Link M7350 device's firmware. This vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this issue may allow a remote attacker to execute arbitrary commands.

Recommendations For TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n, consider restricting access to the Service Name parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the Service Name parameter in the affected device until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.