Vulnerability Description
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TP-Link | IPC TL-IPC223(P)-6 Firmware | < 1.0.21 |
| TP-Link | IPC TL-IPC223(P)-6 | - |
| TP-Link | TL-IPC323K-D Firmware | < 1.0.21 |
| TP-Link | TL-IPC323K-D | - |
| TP-Link | TL-IPC325(KP) Firmware | < 1.0.21 |
| TP-Link | TL-IPC325(KP) | - |
| TP-Link | TL-IPC40A-4 Firmware | < 1.0.21 |
| TP-Link | TL-IPC40A-4 | - |
Related Weaknesses (CWE)
References
- https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-login-Escalation (Broken Link)
- https://www.us-cert.gov/ncas/bulletins/SB18-155 (Third Party Advisory)
FAQ
What is CVE-2018-11482?
CVE-2018-11482 is a vulnerability with a CVSS score of 9.8 (CRITICAL). /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
How severe is CVE-2018-11482?
CVE-2018-11482 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11482?
Check the references section above for vendor advisories and patch information. Affected products include: TP-Link IPC TL-IPC223(P)-6 Firmware, TP-Link IPC TL-IPC223(P)-6, TP-Link TL-IPC323K-D Firmware, TP-Link TL-IPC323K-D, TP-Link TL-IPC325(KP) Firmware.