exploitDog

CVE-2023-43138

Опубликовано: 20 сент. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.

Ссылки

https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md
Exploit
Third Party Advisory
https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01228

Низкий

8.8 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-g567-mjjp-5vw4

CVSS3: 8.8

github

больше 2 лет назад

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.

EPSS

Процентиль: 79%

0.01228

Низкий

8.8 High

CVSS3

Дефекты

CWE-77