What is CVE-2013-2578?

CVE-2013-2578 is a vulnerability in Tp-link Lm_firmware, classified under OS Command Injection. Published 2013-10-11.

Is CVE-2013-2578 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Tp-link Lm_firmware

CVE-2013-2578

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.745 (98.9th percentile) — read the EPSS interpretation.

Affected products

Tp-link Lm_firmware
Tp-link Tl-sc3130
Tp-link Tl-sc3130g
Tp-link Tl-sc3171
Tp-link Tl-sc3171g
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores

References

cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2013-2578?: CVE-2013-2578 is a vulnerability in Tp-link Lm_firmware, classified under OS Command Injection. Published 2013-10-11.
Is CVE-2013-2578 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.