CVE-2018-19537

Exploit

EPSS 18.33%
Published 26.11.2018 03:29:00
Last modified 21.11.2024 03:58:07
Source cve@mitre.org
Teams watchlist Login
Open Login

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Tp-link ≫ Archer C5 Firmware Version <= 2_160201_us

Tp-link ≫ Archer C5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.33%	0.946

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/JackDoan/TP-Link-ArcherC5-RCE

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-19537

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19537

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19537

EUVD