CVE-2018-19537: Malicious File Upload
First published: Mon Nov 26 2018(Updated: )
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Archer C5 Firmware | <=2_160201_us | |
| TP-Link Archer C5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-19537?
CVE-2018-19537 is a vulnerability that allows remote command execution on TP-Link Archer C5 devices.
How severe is CVE-2018-19537?
CVE-2018-19537 has a severity rating of 7.2 (critical).
How does CVE-2018-19537 work?
CVE-2018-19537 allows remote command execution by exploiting shell metacharacters on the wan_dyn_hostname line of a configuration file.
How can I protect my TP-Link Archer C5 device from CVE-2018-19537?
To protect against CVE-2018-19537, make sure to update your TP-Link Archer C5 firmware to a version that fixes the vulnerability.
Is there a fix available for CVE-2018-19537?
Yes, TP-Link has released a firmware update that fixes the vulnerability. Make sure to update your TP-Link Archer C5 device to the latest firmware version.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/tp-link
- canonical/tp-link archer c5 firmware
- version/tp-link archer c5 firmware/2_160201_us
- canonical/tp-link archer c5