CVE-2019-13651 - OpenCVE

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	M7350 M7350 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:m7350_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:m7350:-:*:*:*:*:*:*:*

References

Link	Resource
https://pastebin.com/yAxBFe05	Exploit Third Party Advisory
https://www.tp-link.com	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-24T14:56:49

Updated: 2019-10-24T14:56:49

Reserved: 2019-07-18T00:00:00

Link: CVE-2019-13651

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-24T15:15:31.573

Modified: 2019-10-28T15:27:58.197

Link: CVE-2019-13651

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:m7350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8829AD4-9B19-43ED-B6DA-6C619BF2D47A", "versionEndIncluding": "1.0.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:m7350:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C6D954D-7295-49F4-AA3A-BCC63D444BB5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5)."}, {"lang": "es", "value": "Los dispositivos TP-Link M7350 versiones hasta 1.0.16 Build 181220 Rel.1116n, permiten una inyecci\u00f3n de comandos del Sistema Operativo de portMappingProtocol (problema 3 de 5)."}], "id": "CVE-2019-13651", "lastModified": "2019-10-28T15:27:58.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-24T15:15:31.573", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://pastebin.com/yAxBFe05"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.tp-link.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}