CVE-2018-15137
Published 2018-08-08
Priority P2 (74) · Critical 9.8 · CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 18.20% (96.8th percentile)
CeLa Link CLR-M20 devices allow unauthenticated users to upload arbitrary files (e.g. asp, aspx, cfm, html, jhtml, jsp or shtml), and uploading a server-side script file in this way yields remote code execution. Because the device exposes WebDAV, arbitrary files can be uploaded with the HTTP PUT method.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cela_link | clr-m20_firmware | — | — |
Detection & IOCs (extracted from sources)
- Use the Shodan dork 'CLR-M20' to identify internet-exposed devices that may be vulnerable.
- A successful exploit returns HTTP 201 Created with Content-Length: 0. A 201 is also the normal WebDAV success response to a PUT, so on its own it only says a file was written; alert on a PUT to a CLR-M20 device from an unexpected source, or one that writes a server-side script extension (asp, aspx, cfm, html, jhtml, jsp, shtml), that is followed by a 201.
- No authentication is required: the device accepts unauthenticated WebDAV PUT requests.
- The vulnerability is confirmed on firmware version 2.7.1.6 of the CeLa Link CLR-M20.
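Detection of the PUT-then-201 pattern described in the list above, as an added example that is not part of the original page, the CVE source, or any vendor tooling. It parses constructed combined-format access-log lines (the log format, the IP addresses and the file names are assumptions) and flags successful PUTs that either create a server-side script file or come from a client that is not expected to write to the share. It goes slightly beyond the advisory's 201 by also treating a 204 response, which WebDAV servers return when a PUT overwrites an existing file, as a successful write.

```python
"""Triage WebDAV PUT activity against a CLR-M20-style device from HTTP
access logs. Added example for this page, not code from the CVE source or
the vendor; the log format and the sample lines below are constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, FrozenSet

# Server-side script extensions named in the advisory. A successful PUT that
# creates one of these is the high-confidence signal for this CVE.
SCRIPT_EXTENSIONS = frozenset({"asp", "aspx", "cfm", "html", "jhtml", "jsp", "shtml"})

# 201 Created is what the advisory reports for a new file; 204 No Content is
# what WebDAV (RFC 4918) servers commonly return when a PUT overwrites an
# existing resource, so an overwrite of an already-planted file is caught too.
SUCCESSFUL_PUT_STATUSES = frozenset({201, 204})

# Assumed combined-log-style line: client, ident, user, [timestamp],
# "METHOD path proto", status, response bytes. Adapt to your proxy or IDS.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<length>\d+|-)'
)


@dataclass(frozen=True)
class Finding:
    src: str
    path: str
    status: int
    reason: str


def parse(line: str) -> Optional[dict]:
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def extension(path: str) -> str:
    """Lower-cased extension of the last path segment, ignoring any query string."""
    name = path.rsplit("/", 1)[-1].split("?", 1)[0]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def analyze(lines: Iterable[str],
            trusted_sources: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Flag PUT requests that the device accepted.

    A 201 is the normal WebDAV success path, so by itself it only says a file
    was written. The discriminators are the uploaded extension (a script file
    means code execution on the next GET) and whether the client is a source
    that is expected to write to the share at all.
    """
    findings: List[Finding] = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] != "PUT":
            continue
        status = int(rec["status"])
        if status not in SUCCESSFUL_PUT_STATUSES:
            continue  # refused uploads (401/403/405) are out of scope here
        if extension(rec["path"]) in SCRIPT_EXTENSIONS:
            reason = "script upload"
        elif rec["src"] not in trusted_sources:
            reason = "untrusted PUT"
        else:
            continue  # an expected writer storing a non-script file
        findings.append(Finding(rec["src"], rec["path"], status, reason))
    return findings


# Constructed sample traffic: an attacker-style script upload and its follow-up
# GET, a benign upload from a known writer, an unexpected upload of a harmless
# file, and a PUT the device refused (must not fire).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2018:10:00:01 +0000] "PUT /webdav/cmd.jsp HTTP/1.1" 201 0',
    '203.0.113.7 - - [08/Aug/2018:10:00:02 +0000] "GET /webdav/cmd.jsp?c=id HTTP/1.1" 200 512',
    '192.0.2.10 - - [08/Aug/2018:10:05:00 +0000] "PUT /backup/notes.txt HTTP/1.1" 201 0',
    '198.51.100.5 - - [08/Aug/2018:10:07:30 +0000] "PUT /share/readme.txt HTTP/1.1" 201 0',
    '198.51.100.5 - - [08/Aug/2018:10:07:31 +0000] "PUT /share/x.asp HTTP/1.1" 403 0',
]
TRUSTED_SOURCES = frozenset({"192.0.2.10"})

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, TRUSTED_SOURCES):
        print(f"{f.reason:14} {f.src:15} PUT {f.path} -> {f.status}")
```

Run against the constructed sample, the script upload from 203.0.113.7 and the unexpected text-file upload from 198.51.100.5 are reported; the upload from the trusted writer and the refused PUT are not. The trusted-source allow-list is the knob that keeps the lower-confidence "untrusted PUT" rule from paging on every legitimate backup job, while the extension rule fires regardless of source.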
CVSS provenance
- NVD v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD v2.0: 10.0 CRITICAL (AV:N/AC:L/Au:N/C:C/I:C/A:C)
No detection rules found.