CVE-2013-2580

2022-10-0316:15:00

[email protected]

web.nvd.nist.gov

cve-2013-2580

file upload

vulnerability

tp-link ip cameras

security

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory.

Affected configurations

NVD

Node

tp-linktl-sc3130Match-

tp-linktl-sc3130gMatch-

tp-linktl-sc3171Match-

tp-linktl-sc3171gMatch-

AND

tp-linklm_firmwareRange≤1.6.18p12_sign5

CPENameOperatorVersion
tp-link:tl-sc3130tp-link tl-sc3130eq-
tp-link:tl-sc3130gtp-link tl-sc3130geq-
tp-link:tl-sc3171tp-link tl-sc3171eq-
tp-link:tl-sc3171gtp-link tl-sc3171geq-
tp-link:lm_firmwaretp-link lm firmwarele1.6.18p12_sign5

CPE	Name	Operator	Version
tp-link:tl-sc3130	tp-link tl-sc3130	eq	-
tp-link:tl-sc3130g	tp-link tl-sc3130g	eq	-
tp-link:tl-sc3171	tp-link tl-sc3171	eq	-
tp-link:tl-sc3171g	tp-link tl-sc3171g	eq	-
tp-link:lm_firmware	tp-link lm firmware	le	1.6.18p12_sign5