Unrestricted File Upload Vulnerability in TP-Link IP Cameras
CVE-2013-2580

Currently unrated

Key Information:

Vendor: Tp-link
Status: Tl-sc3130; Tl-sc3130g; Tl-sc3171; Tl-sc3171g
Vendor: CVE Published:; 11 October 2013

Summary

An unrestricted file upload vulnerability found in the uploadfile script of TP-Link IP Cameras, such as the TL-SC3130 and TL-SC3171, allows remote attackers to upload arbitrary files without proper validation. This exploit is particularly dangerous as it enables unauthorized users to access uploaded files directly from the device's mnt/mtd directory. Affected users should upgrade to the beta firmware version LM.1.6.18P12_sign6 or later to protect their devices from potential exploitation.

References

http://www.coresecurity.com/advisories/multiple-vulnerabi...

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 11, 2013