CVE-2018-11481
moderate-risk
Published 2018-05-30
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Do I need to act?
~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Ipc Tl-Ipc223\(P\)-6 Firmware
Tl-Ipc323K-D Firmware
Tl-Ipc325\(Kp\) Firmware
Tl-Ipc40A-4 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-Authentic...
Third Party Advisory
https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-Authentic...
44
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
4/34 · Minimal
Exposure
10/34 · Low