CVE-2019-6487 - Vulnerability Details - OpenCVE

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tp-link	Tl-wdr3500 Tl-wdr3500 Firmware Tl-wdr3600 Tl-wdr3600 Firmware Tl-wdr4300 Tl-wdr4300 Firmware Tl-wdr4900 Tl-wdr4900 Firmware Tl-wdr5620 Tl-wdr5620 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:tl-wdr5620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr5620:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr3500:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr3600:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr4300:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tp-link:tl-wdr4900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr4900:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-18T10:00:00Z

Updated: 2024-09-17T03:22:42.398Z

Reserved: 2019-01-18T00:00:00Z

Link: CVE-2019-6487

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-18T10:29:00.190

Modified: 2024-11-21T04:46:32.233

Link: CVE-2019-6487

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-18T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6487", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py", "refsource": "MISC", "url": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:22.099Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6487", "datePublished": "2019-01-18T10:00:00Z", "dateReserved": "2019-01-18T00:00:00Z", "dateUpdated": "2024-09-17T03:22:42.398Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr5620_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FE71E21-DD2D-430D-94E7-B9FA75FB563B", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr5620:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AA35C83-DDC5-4594-8719-C6FB5D4EF1C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr3500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8572D9C-7B2F-46DB-8F8C-25D583A809F7", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "40DBDE6B-34F9-409E-B2F5-3C8B4FCB31BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr3600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA8145D-9ED8-475D-9050-4B586AFD67F3", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF50EF58-1803-4634-A437-2FA371325157", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr4300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "07432606-0565-443D-BBB3-D506467E9A47", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr4300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C24928A1-5158-41FF-B29C-9E7AEC7BED31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wdr4900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FADA10D-5CDC-4413-8A6E-5723B039F1FA", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wdr4900:-:*:*:*:*:*:*:*", "matchCriteriaId": "52D7618A-6ADF-44B9-8691-F6F0F8213BB8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field."}, {"lang": "es", "value": "Los dispositivos TP-Link WDR Series hasta la versi\u00f3n de firmware v3 (como TL-WDR5620 V3.0) se ven afectados por una inyecci\u00f3n de comandos (despu\u00e9s de iniciar sesi\u00f3n), conduciendo a la ejecuci\u00f3n remota de c\u00f3digo debido a que se pueden incluir metacaracteres shell en el campo weather\" en \"get_weather_observe citycode\"."}], "id": "CVE-2019-6487", "lastModified": "2024-11-21T04:46:32.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-18T10:29:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}