PT-2019-4030 · Tp Link · Tp-Link M7350

Published: 2019-10-24 · Updated: 2019-10-28 · CVE-2019-13651

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n

Description

The issue is related to the implementation of the NAT Port Mapping Protocol (NAT-PMP) in the TP-Link M7350 router's firmware, which fails to neutralize special elements used in an operating system command. This can be exploited by a remote attacker to execute arbitrary commands.

Recommendations

For TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n, consider disabling the NAT-PMP protocol as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2019-04591
CVE-2019-13651

Affected Products

Tp-Link M7350