CVE-2018-16119

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.

Published: Jun 20, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-16119
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
tp-link / tl-wr1043nd_firmware	3.00	3.00.x

http://tp-link.com/
https://www.secsignal.org/news/exploiting-routers-just-another-tp-link-0day

Vulnerability Database

290,301

CVE-2018-16119