Vulnerability Description
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wdr5620 Firmware | <= 3.0 |
| Tp-Link | Tl-Wdr5620 | - |
| Tp-Link | Tl-Wdr3500 Firmware | <= 3.0 |
| Tp-Link | Tl-Wdr3500 | - |
| Tp-Link | Tl-Wdr3600 Firmware | <= 3.0 |
| Tp-Link | Tl-Wdr3600 | - |
| Tp-Link | Tl-Wdr4300 Firmware | <= 3.0 |
| Tp-Link | Tl-Wdr4300 | - |
| Tp-Link | Tl-Wdr4900 Firmware | <= 3.0 |
| Tp-Link | Tl-Wdr4900 | - |
Related Weaknesses (CWE)
References
- https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/ExploitThird Party Advisory
- https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/ExploitThird Party Advisory
FAQ
What is CVE-2019-6487?
CVE-2019-6487 is a vulnerability with a CVSS score of 8.8 (HIGH). TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included ...
How severe is CVE-2019-6487?
CVE-2019-6487 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6487?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wdr5620 Firmware, Tp-Link Tl-Wdr5620, Tp-Link Tl-Wdr3500 Firmware, Tp-Link Tl-Wdr3500, Tp-Link Tl-Wdr3600 Firmware.