CVE-2013-2572

HIGH

TP-LINK TL-SC 3130, TL-SC 3130G, TL-SC 3171G, TL-SC 4171G < 1.6.18p12 - Security Bypass via Hard-coded Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2572. PoCs published by Core Security.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in TP-Link IP cameras, including hard-coded credentials (CVE-2013-2572) and OS command injection (CVE-2013-2573). The PoC demonstrates how an attacker can bypass authentication and execute arbitrary commands via the 'wireless_mft.cgi' endpoint.

Description

A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Core Security · textwebappshardware
https://www.exploit-db.com/exploits/25812

This advisory details multiple vulnerabilities in TP-Link IP cameras, including hard-coded credentials (CVE-2013-2572) and OS command injection (CVE-2013-2573). The PoC demonstrates how an attacker can bypass authentication and execute arbitrary commands via the 'wireless_mft.cgi' endpoint.

Classification
Writeup 100%
Attack Type
Rce | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TP-Link IP cameras (firmware v1.6.18P12 and below)
No auth needed
Prerequisites: Network access to the vulnerable device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/60194
Exploit, Patch, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/25812
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/84573
Exploit, Patch, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/tp-link-ip-cameras-multiple-vulnerabilities
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/cve/CVE-2013-2572

Scores

CVSS v3 7.5
EPSS 0.1643
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-798
Status published
Products (4)
tp-link/tl-sc_3130_firmware < 1.6.18p12
tp-link/tl-sc_3130g_firmware < 1.6.18p12
tp-link/tl-sc_3171g_firmware < 1.6.18p12
tp-link/tl-sc_4171g_firmware < 1.6.18p12
Published Jan 29, 2020
Tracked Since Feb 18, 2026