ID

VAR-201808-0608


CVE

CVE-2018-15137


TITLE

CeLa Link CLR-M20 device vulnerability related to unrestricted upload of dangerous file types

Trust: 0.8

sources: JVNDB: JVNDB-2018-009354

DESCRIPTION

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which also results in remote code execution. Because of the WebDAV feature, arbitrary files can be uploaded using the PUT method. The CeLa Link CLR-M20 device contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). CeLa Link CLR-M20 is a wireless router product. A security vulnerability exists in CeLa Link CLR-M20

Trust: 1.8

sources: NVD: CVE-2018-15137 // JVNDB: JVNDB-2018-009354 // VULHUB: VHN-125366 // VULMON: CVE-2018-15137

AFFECTED PRODUCTS

vendor: cela link, model: clr-m20, scope: eq, version: 2.7.1.6

Trust: 1.6

vendor: cela link, model: clr-m20, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-009354 // CNNVD: CNNVD-201808-232 // NVD: CVE-2018-15137

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-15137
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15137
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201808-232
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125366
value: HIGH

Trust: 0.1

VULMON: CVE-2018-15137
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-15137
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125366
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-15137
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125366 // VULMON: CVE-2018-15137 // JVNDB: JVNDB-2018-009354 // CNNVD: CNNVD-201808-232 // NVD: CVE-2018-15137

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-125366 // JVNDB: JVNDB-2018-009354 // NVD: CVE-2018-15137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-232

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-232

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009354

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-125366

PATCH

title: Top Page, url: http://www.celalink.com

Trust: 0.8

sources: JVNDB: JVNDB-2018-009354

EXTERNAL IDS

db: NVD, id: CVE-2018-15137

Trust: 2.6

db: EXPLOIT-DB, id: 45021

Trust: 2.0

db: JVNDB, id: JVNDB-2018-009354

Trust: 0.8

db: CNNVD, id: CNNVD-201808-232

Trust: 0.7

db: VULHUB, id: VHN-125366

Trust: 0.1

db: VULMON, id: CVE-2018-15137

Trust: 0.1

sources: VULHUB: VHN-125366 // VULMON: CVE-2018-15137 // JVNDB: JVNDB-2018-009354 // CNNVD: CNNVD-201808-232 // NVD: CVE-2018-15137

REFERENCES

url:https://www.exploit-db.com/exploits/45021/

Trust: 2.0

url:https://github.com/safakaslan/celalinkclrm20/issues/1

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15137

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15137

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/434.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-125366 // VULMON: CVE-2018-15137 // JVNDB: JVNDB-2018-009354 // CNNVD: CNNVD-201808-232 // NVD: CVE-2018-15137

SOURCES

db: VULHUB, id: VHN-125366
db: VULMON, id: CVE-2018-15137
db: JVNDB, id: JVNDB-2018-009354
db: CNNVD, id: CNNVD-201808-232
db: NVD, id: CVE-2018-15137

LAST UPDATE DATE

2024-11-23T22:34:08.407000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125366, date: 2018-10-23T00:00:00
db: VULMON, id: CVE-2018-15137, date: 2018-10-23T00:00:00
db: JVNDB, id: JVNDB-2018-009354, date: 2018-11-16T00:00:00
db: CNNVD, id: CNNVD-201808-232, date: 2018-08-08T00:00:00
db: NVD, id: CVE-2018-15137, date: 2024-11-21T03:50:23.037

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125366, date: 2018-08-08T00:00:00
db: VULMON, id: CVE-2018-15137, date: 2018-08-08T00:00:00
db: JVNDB, id: JVNDB-2018-009354, date: 2018-11-16T00:00:00
db: CNNVD, id: CNNVD-201808-232, date: 2018-08-08T00:00:00
db: NVD, id: CVE-2018-15137, date: 2018-08-08T00:29:01.020