PT-2019-4026 · Tp Link · Tp-Link M7350

Published

2019-10-24

Updated

2019-10-28

CVE-2019-13650

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TP-Link M7350 versions through 1.0.16 Build 181220 Rel.1116n

Description The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This can allow a remote attacker to execute arbitrary commands.

Recommendations For versions through 1.0.16 Build 181220 Rel.1116n, consider restricting access to the internal port to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2019-04587

CVE-2019-13650

Affected Products

Tp-Link M7350

PT-2019-4026 · Tp Link · Tp-Link M7350

CVE-2019-13650

Weakness Enumeration

Related Identifiers

Affected Products

References · 5