CVE-2018-3948
published 2018-11-30


Priority: P274 high; CVSS 3.1 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
In the wild: VulnCheck KEV
Exploited in the wild
EPSS: 23.06% (97.5th percentile)
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.

Affected (2 ranges)

Vendor     Product                Version range   Fixed in
tp-link    tl-r600vpn_firmware    (not listed)    (not listed)
tp-link    tl-r600vpn_firmware    (not listed)    (not listed)

Detection & IOCs

Snort rules: 47039-47040
  • Trigger condition: directory traversal attempted on any of the vulnerable URI paths (help, images, frames, dynaform, localization) where the requested resource resolves to a directory rather than a file, causing the HTTP server to enter an infinite loop.
  • The DoS exploit does not require authentication — monitor for unauthenticated HTTP requests containing directory traversal sequences targeting the listed URI prefixes.
  • Affected firmware versions are HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3; use these version strings to scope detection to vulnerable devices.

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd         v3.0      7.5     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd         v2.0      5.0     MEDIUM     AV:N/AC:L/Au:N/C:N/I:N/A:P
vulncheck   -         7.5     HIGH       -