Unrated severityNVD Advisory· Published Aug 8, 2018· Updated Aug 5, 2024

CVE-2018-15137

Description

CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method.

Affected products

CeLa Link/CLR-M20llm-create

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/45021/mitreexploitx_refsource_EXPLOIT-DB
github.com/safakaslan/CelaLinkCLRM20/issues/1mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000