HIGH🇬🇧 English

CVE-2019-6487

CVSS 8.8v3.0pub. 2019-01-18upd. 2024-11-21

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Tp Link Tl Wdr3500

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Tl Wdr3500 Firmware

    OS
    Tp-Link
    ≤ 3.0
  • Tp Link Tl Wdr3600

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Tl Wdr3600 Firmware

    OS
    Tp-Link
    ≤ 3.0
  • Tp Link Tl Wdr4300

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Tl Wdr4300 Firmware

    OS
    Tp-Link
    ≤ 3.0
  • Tp Link Tl Wdr4900

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Tl Wdr4900 Firmware

    OS
    Tp-Link
    ≤ 3.0
  • Tp Link Tl Wdr5620

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Tl Wdr5620 Firmware

    OS
    Tp-Link
    ≤ 3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2013-4654CRITICAL9.8ten sam produkt

Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..

CVE-2015-3035HIGH7.5⚠ KEVten sam produkt

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmwa...

CVE-2024-46486HIGH8.0ten sam produkt

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProc...

CVE-2013-4848HIGH8.8ten sam produkt

TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.

CVE-2014-4727MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigab...