CVE-2018-3949

Name of the Vulnerable Software and Affected Versions TP-Link TL-R600VPN (affected versions not specified)

Description The issue is related to an information disclosure vulnerability in the HTTP server functionality. It can be triggered by a specially crafted URL, causing a directory traversal and resulting in the disclosure of sensitive system files. An attacker can exploit this by sending either an unauthenticated or an authenticated web request. The vulnerability is due to incorrect restriction of a directory path name with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.