CVE-2019-12104

Опубликовано: 14 авг. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.

Ссылки

https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/
Exploit
Third Party Advisory
https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware
Patch
Vendor Advisory
https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/
Exploit
Third Party Advisory
https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:m7350_firmware:*:*:*:*:*:*:*:*

Версия до 190531 (исключая)

cpe:2.3:h:tp-link:m7350:v3:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06934

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-j4vh-w7wr-j9fm