CVE-2018-15137

Published: Aug 8, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.

Affected (1)

Products: Cela Link: Clr M20 Firmware

1 product

Clr M20 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cela Link Clr M20 Firmware	Version 2.7.1.6

Running on/with	Platform Versions
Cela Link Clr M20	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/safakaslan/CelaLinkCLRM20/issues/1

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/45021/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/safakaslan/CelaLinkCLRM20/issues/1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/45021/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.