Vulnerability Details CVE-2019-12104
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 90.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/
- https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware
- https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra/
- https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware
Products affected by CVE-2019-12104
-
cpe:2.3:h:tp-link:m7350:v3
-
cpe:2.3:o:tp-link:m7350_firmware:-
-
cpe:2.3:o:tp-link:m7350_firmware:1.0.16
-
cpe:2.3:o:tp-link:m7350_firmware:151021
-
cpe:2.3:o:tp-link:m7350_firmware:160330