Lucene search

MitreCVE-2018-11481

HistoryMay 30, 2018 - 9:29 p.m.

CVE-2018-11481

2018-05-3021:29:00

CWE-20

mitre

web.nvd.nist.gov

cve-2018-11481

tp-link

ipc

authenticated remote code execution

json

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.

Affected configurations

Nvd

Node

tp-linkipc_tl-ipc223\(p\)-6_firmwareRange<1.0.21

AND

tp-linkipc_tl-ipc223\(p\)-6Match-

Node

tp-linktl-ipc323k-d_firmwareRange<1.0.21

AND

tp-linktl-ipc323k-dMatch-

Node

tp-linktl-ipc325\(kp\)_firmwareRange<1.0.21

AND

tp-linktl-ipc325\(kp\)Match-

Node

tp-linktl-ipc40a-4_firmwareRange<1.0.21

AND

tp-linktl-ipc40a-4Match-

VendorProductVersionCPE
tp-linkipc_tl-ipc223\(p\)-6_firmware*cpe:2.3:o:tp-link:ipc_tl-ipc223\(p\)-6_firmware:*:*:*:*:*:*:*:*
tp-linkipc_tl-ipc223\(p\)-6-cpe:2.3:h:tp-link:ipc_tl-ipc223\(p\)-6:-:*:*:*:*:*:*:*
tp-linktl-ipc323k-d_firmware*cpe:2.3:o:tp-link:tl-ipc323k-d_firmware:*:*:*:*:*:*:*:*
tp-linktl-ipc323k-d-cpe:2.3:h:tp-link:tl-ipc323k-d:-:*:*:*:*:*:*:*
tp-linktl-ipc325\(kp\)_firmware*cpe:2.3:o:tp-link:tl-ipc325\(kp\)_firmware:*:*:*:*:*:*:*:*
tp-linktl-ipc325\(kp\)-cpe:2.3:h:tp-link:tl-ipc325\(kp\):-:*:*:*:*:*:*:*
tp-linktl-ipc40a-4_firmware*cpe:2.3:o:tp-link:tl-ipc40a-4_firmware:*:*:*:*:*:*:*:*
tp-linktl-ipc40a-4-cpe:2.3:h:tp-link:tl-ipc40a-4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	ipc_tl-ipc223\(p\)-6_firmware	*	cpe:2.3:o:tp-link:ipc_tl-ipc223\(p\)-6_firmware::::::::
tp-link	ipc_tl-ipc223\(p\)-6	-	cpe:2.3:h:tp-link:ipc_tl-ipc223\(p\)-6:-:::::::*
tp-link	tl-ipc323k-d_firmware	*	cpe:2.3:o:tp-link:tl-ipc323k-d_firmware::::::::
tp-link	tl-ipc323k-d	-	cpe:2.3:h:tp-link:tl-ipc323k-d:-:::::::*
tp-link	tl-ipc325\(kp\)_firmware	*	cpe:2.3:o:tp-link:tl-ipc325\(kp\)_firmware::::::::
tp-link	tl-ipc325\(kp\)	-	cpe:2.3:h:tp-link:tl-ipc325\(kp\):-:::::::*
tp-link	tl-ipc40a-4_firmware	*	cpe:2.3:o:tp-link:tl-ipc40a-4_firmware::::::::
tp-link	tl-ipc40a-4	-	cpe:2.3:h:tp-link:tl-ipc40a-4:-:::::::*

References

github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-Authenticated-RCE

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Related for CVE-2018-11481