PT-2018-3321 · Tp Link · Tp-Link Tl-R600Vpn
Published
2018-11-19
·
Updated
2023-02-03
·
CVE-2018-3951
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TP-Link TL-R600VPN (affected versions not specified)
Description
A remote code execution issue exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. This is caused by a buffer overflow when a specially crafted HTTP request is sent, allowing an attacker to execute arbitrary code on the device. The vulnerability can be triggered by sending an authenticated HTTP request.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Tl-R600Vpn