CVE-2018-15137

{"id": "CVE-2018-15137", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-08-08T00:29:01.020", "references": [{"url": "https://github.com/safakaslan/CelaLinkCLRM20/issues/1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/45021/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method."}, {"lang": "es", "value": "Los dispositivos CeLa Link CLR-M20 permiten que usuarios no autorizados suban cualquier archivo (p. ej., asp, aspx, cfm, html, jhtml, jsp o shtml), que tambi\u00e9n provocan la ejecuci\u00f3n remota de c\u00f3digo. Debido a la caracter\u00edstica WebDAV, es posible subir archivos arbitrarios mediante el m\u00e9todo PUT."}], "lastModified": "2018-10-23T17:16:22.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cela_link:clr-m20_firmware:2.7.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA2A4AA8-CEAF-4375-A490-A5B26ABB0732"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cela_link:clr-m20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2532AE1A-7535-4C2C-A367-7C2D50367371"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}