CVE-2019-6487

high-risk

Published 2019-01-18

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

Do I need to act?

24.9% chance of exploitation in next 30 days

EPSS score — higher than 75% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (5)

Tl-Wdr5620 Firmware

Tl-Wdr3500 Firmware

Tl-Wdr3600 Firmware

Tl-Wdr4300 Firmware

Tl-Wdr4900 Firmware

Affected Vendors

Tp-Link

References (2)

Exploit https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 15/34 · Moderate

Exposure 12/34 · Low