cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-10-11 14:55
Updated : 2013-10-15 06:13
NVD link : CVE-2013-2578
Mitre link : CVE-2013-2578
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
tp-link
- tl-sc3171
- lm_firmware
- tl-sc3130
- tl-sc3171g
- tl-sc3130g