CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:23

Type Values Removed Values Added
References () https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md - Exploit, Third Party Advisory () https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md - Exploit, Third Party Advisory

22 Sep 2023, 02:11

Type Values Removed Values Added
CPE cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*
First Time Tp-link tl-er5120g Firmware
Tp-link tl-er5120g
Tp-link
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md - (MISC) https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md - Exploit, Third Party Advisory
CWE CWE-77

20 Sep 2023, 20:18

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-20 20:15

Updated : 2024-11-21 08:23


NVD link : CVE-2023-43137

Mitre link : CVE-2023-43137

CVE.ORG link : CVE-2023-43137


JSON object : View

Products Affected

tp-link

  • tl-er5120g_firmware
  • tl-er5120g
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')