CVE-2018-19537

Published: Nov 26, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.

Affected (1)

Products: Tp Link: Archer C5 Firmware

1 product

Archer C5 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Archer C5 Firmware	Up to 2_160201_us

Running on/with	Platform Versions
Tp Link Archer C5	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/JackDoan/TP-Link-ArcherC5-RCE

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/JackDoan/TP-Link-ArcherC5-RCE

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.