CVE-2013-2578

2013-10-1121:55:00

CWE-78

[email protected]

web.nvd.nist.gov

cve-2013-2578

tp-link

ip cameras

remote command execution

vulnerability

nvd

security advisory

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.

CPENameOperatorVersion
tp-link:tl-sc3130tp-link tl-sc3130eq-
tp-link:tl-sc3130gtp-link tl-sc3130geq-
tp-link:tl-sc3171tp-link tl-sc3171eq-
tp-link:tl-sc3171gtp-link tl-sc3171geq-
tp-link:lm_firmwaretp-link lm firmwarele1.6.18p12_sign5

CPE	Name	Operator	Version
tp-link:tl-sc3130	tp-link tl-sc3130	eq	-
tp-link:tl-sc3130g	tp-link tl-sc3130g	eq	-
tp-link:tl-sc3171	tp-link tl-sc3171	eq	-
tp-link:tl-sc3171g	tp-link tl-sc3171g	eq	-
tp-link:lm_firmware	tp-link lm firmware	le	1.6.18p12_sign5