Lucene search

MitreCVE-2018-11482

HistoryMay 30, 2018 - 9:29 p.m.

CVE-2018-11482

2018-05-3021:29:00

CWE-798

mitre

web.nvd.nist.gov

cve-2018-11482

tp-link

ipc

hardcoded password

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

50.9%

JSON

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.

Affected configurations

Nvd

Node

tp-linkipc_tl-ipc223\(p\)-6_firmwareRange<1.0.21

AND

tp-linkipc_tl-ipc223\(p\)-6Match-

Node

tp-linktl-ipc323k-d_firmwareRange<1.0.21

AND

tp-linktl-ipc323k-dMatch-

Node

tp-linktl-ipc325\(kp\)_firmwareRange<1.0.21

AND

tp-linktl-ipc325\(kp\)Match-

Node

tp-linktl-ipc40a-4_firmwareRange<1.0.21

AND

tp-linktl-ipc40a-4Match-

VendorProductVersionCPE
tp-linkipc_tl-ipc223\(p\)-6_firmware*cpe:2.3:o:tp-link:ipc_tl-ipc223\(p\)-6_firmware:*:*:*:*:*:*:*:*
tp-linkipc_tl-ipc223\(p\)-6-cpe:2.3:h:tp-link:ipc_tl-ipc223\(p\)-6:-:*:*:*:*:*:*:*
tp-linktl-ipc323k-d_firmware*cpe:2.3:o:tp-link:tl-ipc323k-d_firmware:*:*:*:*:*:*:*:*
tp-linktl-ipc323k-d-cpe:2.3:h:tp-link:tl-ipc323k-d:-:*:*:*:*:*:*:*
tp-linktl-ipc325\(kp\)_firmware*cpe:2.3:o:tp-link:tl-ipc325\(kp\)_firmware:*:*:*:*:*:*:*:*
tp-linktl-ipc325\(kp\)-cpe:2.3:h:tp-link:tl-ipc325\(kp\):-:*:*:*:*:*:*:*
tp-linktl-ipc40a-4_firmware*cpe:2.3:o:tp-link:tl-ipc40a-4_firmware:*:*:*:*:*:*:*:*
tp-linktl-ipc40a-4-cpe:2.3:h:tp-link:tl-ipc40a-4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tp-link	ipc_tl-ipc223\(p\)-6_firmware	*	cpe:2.3:o:tp-link:ipc_tl-ipc223\(p\)-6_firmware::::::::
tp-link	ipc_tl-ipc223\(p\)-6	-	cpe:2.3:h:tp-link:ipc_tl-ipc223\(p\)-6:-:::::::*
tp-link	tl-ipc323k-d_firmware	*	cpe:2.3:o:tp-link:tl-ipc323k-d_firmware::::::::
tp-link	tl-ipc323k-d	-	cpe:2.3:h:tp-link:tl-ipc323k-d:-:::::::*
tp-link	tl-ipc325\(kp\)_firmware	*	cpe:2.3:o:tp-link:tl-ipc325\(kp\)_firmware::::::::
tp-link	tl-ipc325\(kp\)	-	cpe:2.3:h:tp-link:tl-ipc325\(kp\):-:::::::*
tp-link	tl-ipc40a-4_firmware	*	cpe:2.3:o:tp-link:tl-ipc40a-4_firmware::::::::
tp-link	tl-ipc40a-4	-	cpe:2.3:h:tp-link:tl-ipc40a-4:-:::::::*

References

github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-login-Escalation-of-Privileges

www.us-cert.gov/ncas/bulletins/SB18-155

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

50.9%

JSON

Related for CVE-2018-11482