Tp-Link Lm Firmware vulnerabilities
5 known vulnerabilities affecting tp-link/lm_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
4
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH3
Vulnerabilities
Page 1 of 1
CVE-2013-2578P1CRITICALCVSS 10.0ExploitedPoC≤ 1.6.18p12_sign52013-10-11
CVE-2013-2578 [CRITICAL] CWE-78 CVE-2013-2578: cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and poss
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.
nvd
CVE-2013-2579P2CRITICALCVSS 10.0PoC≤ 1.6.18p12_sign52013-10-11
CVE-2013-2579 [CRITICAL] CWE-255 CVE-2013-2579: TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before be
TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.
nvd
CVE-2013-2581P3HIGHCVSS 7.8PoC≤ 1.6.18p12_sign52013-10-11
CVE-2013-2581 [HIGH] CWE-264 CVE-2013-2581: cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and poss
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
nvd
CVE-2013-2580P3HIGHCVSS 7.1PoC≤ 1.6.18p12_sign52013-10-11
CVE-2013-2580 [HIGH] CVE-2013-2580: Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3
Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory.
nvd
CVE-2013-3688P4HIGHCVSS 7.1≤ 1.6.18p12_sign52013-10-01
CVE-2013-3688 [HIGH] CWE-264 CVE-2013-3688: The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models befor
The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reb
nvd