PT-2016-3196 · TP-Link · C2+2

Pierre Kim · Published 2016-09-17 · Updated 2019-10-03 · CVE-2017-8218

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n

Description
The issue is related to the use of predefined accounts in the vsftpd component of the TP-Link C2 and C20i router firmware. The accounts include admin with password 1234, guest with password guest, and test with password test. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of data.

Recommendations
For vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n, consider changing the default passwords of the admin, guest, and test accounts to prevent unauthorized access. As a temporary workaround, restrict access to these accounts until a patch is available.

Exploit

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related identifiers

BDU:2017-02420
CVE-2017-8218

Affected products

C2
C20I
Vsftpd