TP-Link M7350 multiple vulnerabilities - Kubernetes WAF | K8 Web Application Firewall | k8 Microservices Security

Common Vulnerabilities and Exposures

TP-Link M7350 multiple vulnerabilities

October 24, 2019

Overview :

Multiple security vulnerabilities in TP-Link M7350 devices

Affected Product(s) :

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n and previous versions

Vulnerability Details :

CVE ID :	CVE-2019-13649
	TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow in the field “externalPort” an OS Command Injection
CVE ID :	CVE-2019-13650
	TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow in the field “internalPort” an OS Command Injection
CVE ID :	CVE-2019-13651
	TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow in the field “portMappingProtocol” an OS Command Injection
CVE ID :	CVE-2019-13652
	TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow in the field “serviceName” an OS Command Injection
CVE ID :	CVE-2019-13653
	TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5)

Solution(s) :

Update TP-Link M7350 devices to the Latest Build

CVE-2019-13649 CVE-2019-13650 CVE-2019-13651 CVE-2019-13652 CVE-2019-13653 TP-Link M7350