| |
Vulnerability CVE-2018-15137
Published: 2018-08-07 Modified: 2018-08-08
| Description: |
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method. |
Type:
CWE-434 (Unrestricted Upload of File with Dangerous Type)
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
10/10 |
10/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://github.com/safakaslan/CelaLinkCLRM20/issues/1
https://www.exploit-db.com/exploits/45021/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
