Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJavier Repiso SanchezPACKETSTORM:122007
HistoryJun 13, 2013 - 12:00 a.m.

TP-LINK TL-SC3171 Authentication Bypass

2013-06-1300:00:00
Javier Repiso Sanchez
packetstormsecurity.com
20

0.003 Low

EPSS

Percentile

68.1%

JSON
`===========================================================================  
TP-LINK  
====================================================================  
===========================================================================  
  
1.Advisory Information  
Title: TP-LINK TL-SC3171 Vulnerability  
Date Published: 12/06/2013  
Date of last updated: 12/06/2013  
  
2.Vulnerability Description  
The next vulnerability has been found in this device:  
-CVE-2013-3688. Authentication Bypass Issues(CWE-592) and Execution with Unnecessary Privileges(CWE-250).  
  
3.Affected Products  
-CVE-2013-3688. The following product are affected: TP-LINK TL-SC3171  
It’s possible others models are affected but they were not checked.  
  
4.PoC  
4.1.Execute Remote Command bypassing authentication  
CVE-2013-3688, Execute Remote Command bypassing authentication.  
We have found that is possible to reboot this kind of devices remotely. The attack vector is the following one:  
_____________________________________________________________________________  
http://xx.xx.xx.xx/cgi-bin/reboot  
http://xx.xx.xx.xx/cgi-bin/hardfactorydefault  
_____________________________________________________________________________  
  
In the first one you will get blank page and you can’t re-login until the device is reboot.  
In the second one, you will get a victory message and of course, in the next login you should introduce factory settings.  
  
5.Credits  
-CVE-2013-3688, was discovered by Eliezer Varadé Lopez, Javier Repiso Sánchez and Jonás Ropero Castillo.   
  
6.Report Timeline  
-2013-05-31: Students team notifies the TP-Link Customer Support of the vulnerability. No reply received.  
-2013-06-03: Students asks for a reply.   
-2013-06-04: TP-Link answers saying Coresecurity reported this vulnerability before and this has been corrected in a new beta firmware version.  
-2013-06-04: Students answer to the vendor saying that this vulnerability is different from the Coresecurity vulnerabilities.  
-2013-06-05: TP-Link answers saying this vulnerability is the same as the vulnerability reported by Coresecurity.  
-2013-06-05: Students respond by explaining the details of the vulnerability and confirming that the vulnerability is different.  
-2013-06-06: TP-Link answer confirming that the vulnerability is fixed with the latest patch for the reported vulnerabilities generated by Coresecurity. The beta version is available on the website of TP-Link   
`

Related

cve 1
zdt 1
nvd 1
prion 1
cvelist 1
cve
cve
CVE-2013-3688
2022-10-03 16:14:45
zdt
zdt
TP-LINK TL-SC3171 Authentication Bypass Vulnerability
2013-06-14 00:00:00
nvd
nvd
CVE-2013-3688
2013-10-01 19:55:09
prion
prion
Design/Logic Flaw
2013-10-01 19:55:00
cvelist
cvelist
CVE-2013-3688
2022-10-03 16:14:45

0.003 Low

EPSS

Percentile

68.1%

JSON
Related for PACKETSTORM:122007
cve1zdt1nvd1prion1cvelist1