CVE-2019-6487
HIGHTp-link Tl-wdr5620 Firmware < 3.0 - OS Command Injection
Title source: ruleDescription
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
Exploits (1)
nomisec
WORKING POC
40 stars
by afang5472 · poc
https://github.com/afang5472/TP-Link-WDR-Router-Command-injection_POC
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py
Scores
CVSS v3
8.8
EPSS
0.2493
EPSS Percentile
96.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (5)
tp-link/tl-wdr3500_firmware
< 3.0
tp-link/tl-wdr3600_firmware
< 3.0
tp-link/tl-wdr4300_firmware
< 3.0
tp-link/tl-wdr4900_firmware
< 3.0
tp-link/tl-wdr5620_firmware
< 3.0
Published
Jan 18, 2019
Tracked Since
Feb 18, 2026