CVE-2018-15137

9.8 CRITICAL

📋 TL;DR

CVE-2018-15137 is a critical vulnerability in CeLa Link CLR-M20 devices that allows unauthenticated attackers to upload arbitrary files via WebDAV's PUT method, leading to remote code execution. This affects all users of these devices with the vulnerable firmware. Attackers can gain complete control over affected devices.

💻 Affected Systems

Products:
  • CeLa Link CLR-M20
Versions: All versions prior to patched firmware
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration with WebDAV enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of device leading to persistent backdoor installation, data theft, lateral movement within network, and use as attack platform.
🟠 Likely Case: Remote code execution allowing attacker to run arbitrary commands, install malware, or disrupt device functionality.
🟢 If Mitigated: Limited impact if device is isolated behind firewall with strict inbound rules and WebDAV disabled.

🌐 Internet-Facing: HIGH - Directly exploitable from internet without authentication.
🏢 Internal Only: HIGH - Exploitable from any network segment with access to device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with vendor for latest firmware

Vendor Advisory: No official vendor advisory found in references

Restart Required: Yes

Instructions:

1. Contact CeLa Link for latest firmware.
2. Backup configuration.
3. Upload and install firmware via web interface.
4. Reboot device.
5. Verify WebDAV is disabled or properly secured.

🔧 Temporary Workarounds

  • Disable WebDAV (all): Disable WebDAV feature to prevent file uploads via PUT method
  • Network Segmentation (all): Isolate CLR-M20 devices in separate VLAN with strict firewall rules

🧯 If You Can't Patch

  • Immediately isolate device from internet and restrict network access
  • Implement strict firewall rules to block all inbound traffic except essential management

🔍 How to Verify

Check if Vulnerable:

Test if WebDAV PUT method accepts file uploads to device web interface without authentication

Check Version:

Check firmware version in device web interface under System Status or similar section

Verify Fix Applied:

Verify WebDAV is disabled or properly authenticated, and test that file uploads via PUT method are rejected

📡 Detection & Monitoring

Log Indicators:

  • WebDAV PUT requests
  • Unauthenticated file uploads
  • Unusual file creation in web directories

Network Indicators:

  • HTTP PUT requests to device on port 80/443
  • Unexpected outbound connections from device

SIEM Query:

source_ip="*" AND http_method="PUT" AND dest_ip="CLR-M20_IP" AND (http_status="200" OR http_status="201" OR http_status="204")
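
The log indicators above can also be checked offline against exported web logs. The following is an added example, not code from the vendor or from this advisory: it flags accepted PUT requests to monitored devices, marks those sent without credentials, and notes when the uploaded path is requested afterwards. The log layout (Common Log Format with the destination IP prepended), the function name `find_put_uploads` and the sample addresses are assumptions.

```python
import re

# Assumption: an upstream proxy or sensor logs traffic to the device in
# Common Log Format with the destination IP prepended as the first field.
LINE = re.compile(
    r'(?P<dst>\S+) (?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
UPLOAD_OK = {200, 201, 204}  # statuses a server returns for an accepted PUT

def find_put_uploads(lines, device_ips):
    """Return one finding per accepted PUT sent to a monitored device."""
    devices, findings, uploaded = set(device_ips), [], {}
    for raw in lines:
        m = LINE.match(raw)
        if not m or m["dst"] not in devices:
            continue
        key, status = (m["dst"], m["path"]), int(m["status"])
        if m["method"] == "PUT" and status in UPLOAD_OK:
            finding = {
                "ts": m["ts"], "src": m["src"], "dst": m["dst"],
                "path": m["path"], "status": status,
                # CLF records "-" as the user when no credentials were sent.
                "unauthenticated": m["user"] == "-",
                "fetched_later": False,
            }
            findings.append(finding)
            uploaded[key] = finding
        elif m["method"] != "PUT" and key in uploaded and status < 400:
            # The uploaded path was requested afterwards: raise priority.
            uploaded[key]["fetched_later"] = True
    return findings

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "PUT /upload/test.txt HTTP/1.1" 201 0',
    '192.0.2.10 198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /upload/test.txt HTTP/1.1" 200 20',
    '192.0.2.10 198.51.100.8 - - [01/Jan/2024:10:01:00 +0000] "PUT /docs/a.txt HTTP/1.1" 401 0',
    '192.0.2.10 198.51.100.9 - admin [01/Jan/2024:10:02:00 +0000] "PUT /docs/b.txt HTTP/1.1" 204 0',
    '203.0.113.5 198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "PUT /x.txt HTTP/1.1" 201 0',
]

if __name__ == "__main__":
    for f in find_put_uploads(SAMPLE, ["192.0.2.10"]):
        print(f)
```

After the fix is applied, the same check should return no findings with `unauthenticated` set for the device.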
