CVE-2019-6487 - OpenCVE

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	Tl-wdr3600 Tl-wdr4300 Firmware Tl-wdr4900 Firmware Tl-wdr4300 Tl-wdr3500 Firmware Tl-wdr4900 Tl-wdr3600 Firmware Tl-wdr5620 Firmware Tl-wdr3500 Tl-wdr5620

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:tl-wdr5620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr5620:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr3500:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr3600:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr4300:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tp-link:tl-wdr4900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr4900:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:19:25

Updated: 2022-10-03T16:19:25

Reserved: 2022-10-03T00:00:00

Link: CVE-2019-6487

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-01-18T10:29:00.190

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-6487

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr5620_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE71E21-DD2D-430D-94E7-B9FA75FB563B", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr5620:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AA35C83-DDC5-4594-8719-C6FB5D4EF1C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8572D9C-7B2F-46DB-8F8C-25D583A809F7", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "40DBDE6B-34F9-409E-B2F5-3C8B4FCB31BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA8145D-9ED8-475D-9050-4B586AFD67F3", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF50EF58-1803-4634-A437-2FA371325157", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "07432606-0565-443D-BBB3-D506467E9A47", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr4300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C24928A1-5158-41FF-B29C-9E7AEC7BED31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr4900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FADA10D-5CDC-4413-8A6E-5723B039F1FA", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr4900:-:*:*:*:*:*:*:*", "matchCriteriaId": "52D7618A-6ADF-44B9-8691-F6F0F8213BB8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field."}, {"lang": "es", "value": "Los dispositivos TP-Link WDR Series hasta la versi\u00f3n de firmware v3 (como TL-WDR5620 V3.0) se ven afectados por una inyecci\u00f3n de comandos (despu\u00e9s de iniciar sesi\u00f3n), conduciendo a la ejecuci\u00f3n remota de c\u00f3digo debido a que se pueden incluir metacaracteres shell en el campo weather\" en \"get_weather_observe citycode\"."}], "id": "CVE-2019-6487", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-18T10:29:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}