CVE-2018-11481

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
tp-linkipc_tl-ipc223\(p\)-6_firmware
𝑥
< 1.0.21
tp-linktl-ipc323k-d_firmware
𝑥
< 1.0.21
tp-linktl-ipc325\(kp\)_firmware
𝑥
< 1.0.21
tp-linktl-ipc40a-4_firmware
𝑥
< 1.0.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-Authenticated-RCE
https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-Authenticated-RCE