Vulnerabilities (CVE)

Filtered by vendor Tp-link Subscribe
Filtered by product Lm Firmware
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-3688 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2024-02-04 7.1 HIGH N/A
The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault.
CVE-2013-2579 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2024-02-04 10.0 HIGH N/A
TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2013-2581 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2024-02-04 7.8 HIGH N/A
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
CVE-2013-2580 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2024-02-04 7.1 HIGH N/A
Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory.
CVE-2013-2578 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2024-02-04 10.0 HIGH N/A
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.