CVE-2018-15137

CRITICAL

CeLa Link CLR-M20 - Unauthenticated Remote Code Execution via WebDAV PUT Method

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15137. PoCs published by Safak Aslan.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in CeLa Link CLR-M20 via WebDAV's PUT method, allowing remote code execution by uploading malicious files (e.g., .asp, .aspx). The PoC shows a simple HTML file upload, but the technique can be extended to execute server-side scripts.

Description

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.

Exploits (1)

exploitdb (working PoC)
by Safak Aslan · text · webapps · hardware
https://www.exploit-db.com/exploits/45021

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: CeLa Link CLR-M20 2.7.1.6
Authentication: No auth needed
Prerequisites: WebDAV enabled on target · Network access to target
Analysis: devstral-2 · analyzed Feb 16, 2026

References (2)

Third Party Advisory (x_refsource_misc): https://github.com/safakaslan/CelaLinkCLRM20/issues/1
Third Party Advisory, VDB Entry, exploit (x_refsource_exploit-db): https://www.exploit-db.com/exploits/45021/

Scores

CVSS v3: 9.8
EPSS: 0.1820
EPSS Percentile: 96.8%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1): cela_link/clr-m20_firmware 2.7.1.6
Published: Aug 08, 2018
Tracked Since: Feb 18, 2026