CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.
References
Link | Resource |
---|---|
https://github.com/safakaslan/CelaLinkCLRM20/issues/1 | Third Party Advisory |
https://www.exploit-db.com/exploits/45021/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-08T00:00:00
Updated: 2018-08-15T16:57:01
Reserved: 2018-08-07T00:00:00
Link: CVE-2018-15137
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-08T00:29:01.020
Modified: 2018-10-23T17:16:22.297
Link: CVE-2018-15137
JSON object: View
Redhat Information
No data.
CWE