Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tp-link Subscribe
Filtered by product Ipc Tl-ipc223\(p\)-6 Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11481 1 Tp-link 8 Ipc Tl-ipc223\(p\)-6, Ipc Tl-ipc223\(p\)-6 Firmware, Tl-ipc323k-d and 5 more 2018-07-05 6.5 MEDIUM 8.8 HIGH
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
CVE-2018-11482 1 Tp-link 8 Ipc Tl-ipc223\(p\)-6, Ipc Tl-ipc223\(p\)-6 Firmware, Tl-ipc323k-d and 5 more 2018-07-05 7.5 HIGH 9.8 CRITICAL
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.