PT-2019-4027 · Tp Link · Tp-Link M7350

Published

2019-10-24

Updated

2019-10-28

CVE-2019-13653

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n

Description The issue exists due to the lack of neutralization of special elements used in the operating system command in the Port Triggering function of the TP-Link M7350 router's firmware. Exploitation of this issue may allow a remote attacker to execute arbitrary commands.

Recommendations For TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n, consider disabling the Port Triggering function as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2019-04588

CVE-2019-13653

Affected Products

Tp-Link M7350

PT-2019-4027 · Tp Link · Tp-Link M7350

CVE-2019-13653

Weakness Enumeration

Related Identifiers

Affected Products

References · 5