A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
References
Link | Resource |
---|---|
https://www.coresecurity.com/advisories/tp-link-IP-cameras-multiple-vulnerabilities | Exploit Patch Third Party Advisory |
https://packetstormsecurity.com/files/cve/CVE-2013-2573 | Third Party Advisory VDB Entry |
https://vuldb.com/?id.8912 | Permissions Required |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84574 | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/60195 | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2020-01-29 11:15
Updated : 2020-01-31 11:10
NVD link : CVE-2013-2573
Mitre link : CVE-2013-2573
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
tp-link
- tl-sc_4171g_firmware
- tl-sc_3171g
- tl-sc_4171g
- tl-sc_3171g_firmware
- tl-sc_3130g
- tl-sc_3130g_firmware