CVE-2013-2580

2013-10-1121:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2013-2580

file upload

vulnerability

tp-link ip cameras

security

nvd

7 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory.

CPENameOperatorVersion
tp-link:tl-sc3130tp-link tl-sc3130eq-
tp-link:tl-sc3130gtp-link tl-sc3130geq-
tp-link:tl-sc3171tp-link tl-sc3171eq-
tp-link:tl-sc3171gtp-link tl-sc3171geq-
tp-link:lm_firmwaretp-link lm firmwarele1.6.18p12_sign5

CPE	Name	Operator	Version
tp-link:tl-sc3130	tp-link tl-sc3130	eq	-
tp-link:tl-sc3130g	tp-link tl-sc3130g	eq	-
tp-link:tl-sc3171	tp-link tl-sc3171	eq	-
tp-link:tl-sc3171g	tp-link tl-sc3171g	eq	-
tp-link:lm_firmware	tp-link lm firmware	le	1.6.18p12_sign5