cvedb.io
CVE-2018-19537
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2018-11-26T03:29:00.253 · Last modified 2026-06-17T01:49:27.710

Summary

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.

Affected products

tp-link — archer_c5_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tp-link ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.