PT-2018-3320 · Tp Link · Tp-Link Tl-R600Vpn
Published
2018-11-18
·
Updated
2023-02-03
·
CVE-2018-3948
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
TP-Link TL-R600VPN (affected versions not specified)
Description
The issue is related to insufficient input validation in the URI parsing functionality of the TP-Link TL-R600VPN HTTP server. This can be exploited by a remote attacker to cause a denial-of-service by sending a specially crafted web request. The attack can be triggered with either an unauthenticated or authenticated request, leading to downtime for the management portal.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Tl-R600Vpn