Post-Authentication Command Injection Vulnerability in TP-Link M7350 V3
CVE-2019-12104

8.8HIGH

Key Information:

Vendor: Tp-link
Status: M7350 Firmware
Vendor: CVE Published:; 14 August 2019

What is CVE-2019-12104?

The TP-Link M7350 V3 web-based configuration interface is susceptible to multiple command injection vulnerabilities that can be exploited once a user has been authenticated. Attackers can leverage this flaw to execute arbitrary commands on the device, compromising its integrity and potentially gaining unauthorized access to sensitive information or network resources. Users are advised to update their firmware to version 190531 or later to mitigate these vulnerabilities.

References

https://www.pentestpartners.com/security-blog/cve-2019-12...

x_refsource_MISC

https://www.tp-link.com/uk/support/download/m7350/v3/#Fir...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2019
Vulnerability Reserved
May 15, 2019

Tp-link

What is CVE-2019-12104?

References

CVSS V3.1

Timeline