CVE-2013-2578

2022-10-0316:15:02

CWE-78

[email protected]

web.nvd.nist.gov

cve-2013-2578

tp-link

ip cameras

remote command execution

vulnerability

nvd

security advisory

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.5%

JSON

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.

Affected configurations

NVD

Node

tp-linktl-sc3130Match-

tp-linktl-sc3130gMatch-

tp-linktl-sc3171Match-

tp-linktl-sc3171gMatch-

AND

tp-linklm_firmwareRange≤1.6.18p12_sign5

CPENameOperatorVersion
tp-link:tl-sc3130tp-link tl-sc3130eq-
tp-link:tl-sc3130gtp-link tl-sc3130geq-
tp-link:tl-sc3171tp-link tl-sc3171eq-
tp-link:tl-sc3171gtp-link tl-sc3171geq-
tp-link:lm_firmwaretp-link lm firmwarele1.6.18p12_sign5

CPE	Name	Operator	Version
tp-link:tl-sc3130	tp-link tl-sc3130	eq	-
tp-link:tl-sc3130g	tp-link tl-sc3130g	eq	-
tp-link:tl-sc3171	tp-link tl-sc3171	eq	-
tp-link:tl-sc3171g	tp-link tl-sc3171g	eq	-
tp-link:lm_firmware	tp-link lm firmware	le	1.6.18p12_sign5