Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TP-LINK TL-SC3171 Authentication Bypass Vulnerability

🗓️ 14 Jun 2013 00:00:00Reported by Jonas Rapero CastilloType 
zdt
 zdt🔗 0day.today👁 31 Views

TP-LINK TL-SC3171 Authentication Bypass Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2013-3688
1 Oct 201319:00
cve
Cvelist		CVE-2013-3688
1 Oct 201319:00
cvelist
EUVD		EUVD-2013-3621
7 Oct 202500:30
euvd
NVD		CVE-2013-3688
1 Oct 201319:55
nvd
Packet Storm		TP-LINK TL-SC3171 Authentication Bypass
13 Jun 201300:00
packetstorm
Prion		Design/Logic Flaw
1 Oct 201319:55
prion
RedhatCVE		CVE-2013-3688
22 May 202511:31
redhatcve
1.Advisory Information
Title: TP-LINK TL-SC3171 Vulnerability
Date Published: 12/06/2013
Date of last updated: 12/06/2013

2.Vulnerability Description
The next vulnerability has been found in this device:
-CVE-2013-3688. Authentication Bypass Issues(CWE-592) and Execution with Unnecessary Privileges(CWE-250).

3.Affected Products
-CVE-2013-3688. The following product are affected: TP-LINK TL-SC3171
It’s possible others models are affected but they were not checked.

4.PoC
4.1.Execute Remote Command bypassing authentication
CVE-2013-3688, Execute Remote Command bypassing authentication.
We have found that is possible to reboot this kind of devices remotely. The attack vector is the following one:
_____________________________________________________________________________
http://xx.xx.xx.xx/cgi-bin/reboot
http://xx.xx.xx.xx/cgi-bin/hardfactorydefault
_____________________________________________________________________________

In the first one you will get blank page and you can’t re-login until the device is reboot.
In the second one, you will get a victory message and of course, in the next login you should introduce factory settings.

5.Credits
-CVE-2013-3688, was discovered by Eliezer Varadé Lopez, Javier Repiso Sánchez and Jonás Ropero Castillo. 

6.Report Timeline
-2013-05-31: Students team notifies the TP-Link Customer Support of the vulnerability. No reply received.
-2013-06-03: Students asks for a reply. 
-2013-06-04: TP-Link answers saying Coresecurity reported this vulnerability before and this has been corrected in a new beta firmware version.
-2013-06-04: Students answer to the vendor saying that this vulnerability is different from the Coresecurity vulnerabilities.
-2013-06-05: TP-Link answers saying this vulnerability is the same as the vulnerability reported by Coresecurity.
-2013-06-05: Students respond by explaining the details of the vulnerability and confirming that the vulnerability is different.
-2013-06-06: TP-Link answer confirming that the vulnerability is fixed with the latest patch for the reported vulnerabilities generated by Coresecurity. The beta version is available on the website of TP-Link

#  0day.today [2018-04-03]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Jun 2013 00:00Current
6.9Medium risk
Vulners AI Score6.9
EPSS0.00625
tp-link tl-sc3171authentication bypasscve-2013-3688remote commandprivilegessecurity advisoryvulnerabilityexecutionfirmware.
31