dbappsecurity

2 exploits Active since May 2018

CVE-2018-11481 WRITEUP HIGH WORKING POC

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, TL-IPC40A-4 <1.0.21 Auth RCE via JSON Injection

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.

CVSS 8.8

View Code

CVE-2018-11482 WRITEUP CRITICAL WRITEUP

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, TL-IPC40A-4 < 1.0.21 - Hard-coded Credentials

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.

CVSS 9.8

View Code