CVE-2019-6487

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr5620:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr3500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr3600:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr4300:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr4900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr4900:-:*:*:*:*:*:*:*

Information

Published : 2019-01-18 02:29

Updated : 2020-08-24 10:37


NVD link : CVE-2019-6487

Mitre link : CVE-2019-6487


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

tp-link

  • tl-wdr3500_firmware
  • tl-wdr5620
  • tl-wdr4300
  • tl-wdr4300_firmware
  • tl-wdr3500
  • tl-wdr5620_firmware
  • tl-wdr4900
  • tl-wdr4900_firmware
  • tl-wdr3600_firmware
  • tl-wdr3600