Details of VAR-201906-1344

ID

VAR-201906-1344

CVE

CVE-2019-7406

TITLE

TP-Link Wi-Fi Extender Remote Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-19471

DESCRIPTION

TP-LINK is a brand of Pulian Technology Co., Ltd., which is the mainstream manufacturer engaged in the research, development, manufacturing and marketing of network and communication terminal equipment. A remote code execution vulnerability exists in the TP-Link Wi-Fi Extender. Allows an attacker to execute arbitrary shell commands on the target Wi-Fi extender. Failed attempts will likely cause a denial-of-service condition. TP-LINK Wi-Fi Range Extenders RE365, RE650, RE350 and RE500 are vulnerable

Trust: 0.81

sources: CNVD: CNVD-2019-19471 // BID: 108819

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-19471

AFFECTED PRODUCTS

vendor:	tp link	model:	wi-fi extenders <re365 v1 190528	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	wi-fi extenders <re650 v1 190521	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	wi-fi extenders <re350 v1 190516	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	wi-fi extenders <re500 v1 190521	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	wi-fi range extender re650	scope:	-	version:	-	Trust: 0.3
vendor:	tp link	model:	wi-fi range extender re500	scope:	-	version:	-	Trust: 0.3
vendor:	tp link	model:	wi-fi range extender re365	scope:	-	version:	-	Trust: 0.3
vendor:	tp link	model:	wi-fi range extender re350	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2019-19471 // BID: 108819

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-19471
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2019-19471
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-19471

THREAT TYPE

network

Trust: 0.3

sources: BID: 108819

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 108819

PATCH

title:	Patch for TP-Link Wi-Fi Extender Remote Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/165533	Trust: 0.6
title:	alonzzzo	url:	https://github.com/alonzozzz/alonzzzo	Trust: 0.1
title:	-	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1

sources: CNVD: CNVD-2019-19471 // VULMON: CVE-2019-7406

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7406	Trust: 1.0
db:	CNVD	id:	CNVD-2019-19471	Trust: 0.6
db:	BID	id:	108819	Trust: 0.3
db:	VULMON	id:	CVE-2019-7406	Trust: 0.1

sources: CNVD: CNVD-2019-19471 // VULMON: CVE-2019-7406 // BID: 108819

REFERENCES

url:	https://securityaffairs.co/wordpress/87263/iot/zero-day-tp-link-wi-fi-extenders.html	Trust: 0.6
url:	https://securityintelligence.com/posts/critical-rce-vulnerability-in-tp-link-wi-fi-extenders-can-grant-attackers-remote-control/	Trust: 0.3
url:	http://www.tp-link.com/en/	Trust: 0.3
url:	https://www.tp-link.com/en/support/download/re350/#firmware	Trust: 0.3
url:	https://www.tp-link.com/en/support/download/re365/#firmware	Trust: 0.3
url:	https://www.tp-link.com/en/support/download/re500/#firmware	Trust: 0.3
url:	https://www.tp-link.com/en/support/download/re650/#firmware	Trust: 0.3
url:	https://github.com/alonzozzz/alonzzzo	Trust: 0.1

sources: CNVD: CNVD-2019-19471 // VULMON: CVE-2019-7406 // BID: 108819

CREDITS

Grzegorz Wypych.

Trust: 0.3

sources: BID: 108819

SOURCES

db:	CNVD	id:	CNVD-2019-19471
db:	VULMON	id:	CVE-2019-7406
db:	BID	id:	108819

LAST UPDATE DATE

2023-08-16T02:40:27.550000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-19471	date:	2019-06-27T00:00:00
db:	BID	id:	108819	date:	2019-05-30T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-19471	date:	2019-06-26T00:00:00
db:	BID	id:	108819	date:	2019-05-30T00:00:00