CVE-2013-2573
published 2020-01-29CVE-2013-2573: A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G…
PriorityP277critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
42.24%
98.5th percentile
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openstack | nova | >= 0 < 12.0.0a0 | 12.0.0a0 |
| tp-link | tl-sc_3130g_firmware | <= 1.6.18p12 | — |
| tp-link | tl-sc_3171g_firmware | <= 1.6.18p12 | — |
| tp-link | tl-sc_4171g_firmware | <= 1.6.18p12 | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://192.168.1.100/cgi-bin/mft/wireless_mft?ap=travesti;cp%20/var/www/secret.passwd%20/web/html/credenciales↗
- →Detect HTTP requests to /cgi-bin/mft/wireless_mft.cgi (or wireless_mft) with the 'ap' parameter containing shell metacharacters (e.g. semicolons, pipes) indicative of command injection. ↗
- →Detect HTTP Basic Authentication attempts using the hardcoded username 'manufacture' and password 'erutcafunam' against TP-Link camera web interfaces. ↗
- →Monitor for access to /cgi-bin/mft/ endpoints (manufacture.cgi, wireless_mft.cgi) which are not visible from the normal user web interface and should never be accessed by legitimate users. ↗
- ·The hardcoded credentials ('manufacture'/'erutcafunam') are embedded in boa.conf and cannot be removed or changed by end users, making all unpatched devices permanently exposed to this attack vector. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat2.3LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
OpenStack Nova VMWare driver leaks rescued images
ghsa·2022-05-17
CVE-2014-2573 [HIGH] CWE-770 OpenStack Nova VMWare driver leaks rescued images
OpenStack Nova VMWare driver leaks rescued images
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
GHSA
GHSA-wr3w-r4pc-583x: A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft
ghsa_unreviewed·2022-05-05
CVE-2013-2573 [HIGH] GHSA-wr3w-r4pc-583x: A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
Red Hat
openstack-nova: Nova VMware driver leaks rescued images
vendor_redhat·2014-01-20·CVSS 2.3
CVE-2014-2573 [LOW] CWE-400 openstack-nova: Nova VMware driver leaks rescued images
openstack-nova: Nova VMware driver leaks rescued images
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.
Package: openstack-nova (Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)) - Not affected
Package: openstack-nova (Red Hat OpenStack Platform 3) - Will not
No detection rules found.
http://www.securityfocus.com/bid/60195https://exchange.xforce.ibmcloud.com/vulnerabilities/84574https://packetstormsecurity.com/files/cve/CVE-2013-2573https://vuldb.com/?id.8912https://www.coresecurity.com/advisories/tp-link-IP-cameras-multiple-vulnerabilitieshttp://www.securityfocus.com/bid/60195https://exchange.xforce.ibmcloud.com/vulnerabilities/84574https://packetstormsecurity.com/files/cve/CVE-2013-2573https://vuldb.com/?id.8912https://www.coresecurity.com/advisories/tp-link-IP-cameras-multiple-vulnerabilities
2020-01-29
Published