Vulnerability Description
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Ipc Tl-Ipc223\(P\)-6 Firmware | < 1.0.21 |
| Tp-Link | Ipc Tl-Ipc223\(P\)-6 | - |
| Tp-Link | Tl-Ipc323K-D Firmware | < 1.0.21 |
| Tp-Link | Tl-Ipc323K-D | - |
| Tp-Link | Tl-Ipc325\(Kp\) Firmware | < 1.0.21 |
| Tp-Link | Tl-Ipc325\(Kp\) | - |
| Tp-Link | Tl-Ipc40A-4 Firmware | < 1.0.21 |
| Tp-Link | Tl-Ipc40A-4 | - |
Related Weaknesses (CWE)
References
- https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-AuthenticThird Party Advisory
- https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-AuthenticThird Party Advisory
FAQ
What is CVE-2018-11481?
CVE-2018-11481 is a vulnerability with a CVSS score of 8.8 (HIGH). TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua do...
How severe is CVE-2018-11481?
CVE-2018-11481 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11481?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Ipc Tl-Ipc223\(P\)-6 Firmware, Tp-Link Ipc Tl-Ipc223\(P\)-6, Tp-Link Tl-Ipc323K-D Firmware, Tp-Link Tl-Ipc323K-D, Tp-Link Tl-Ipc325\(Kp\) Firmware.