CVE-2018-3948
published 2018-11-30CVE-2018-3948: An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause…
PriorityP274high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
23.06%
97.5th percentile
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | tl-r600vpn_firmware | — | — |
| tp-link | tl-r600vpn_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
47039-47040
- →Trigger condition: directory traversal attempted on any of the vulnerable URI paths (help, images, frames, dynaform, localization) where the requested resource resolves to a directory rather than a file, causing the HTTP server to enter an infinite loop. ↗
- →The DoS exploit does not require authentication — monitor for unauthenticated HTTP requests containing directory traversal sequences targeting the listed URI prefixes. ↗
- →Affected firmware versions are HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3; use these version strings to scope detection to vulnerable devices. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pf62-mvrg-fj5c: An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server
ghsa_unreviewed·2022-05-13
CVE-2018-3948 [HIGH] CWE-20 GHSA-pf62-mvrg-fj5c: An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.
VulnCheck
TP-Link tl-r600vpn_firmware Improper Input Validation
vulncheck·2018·CVSS 7.5
CVE-2018-3948 [HIGH] TP-Link tl-r600vpn_firmware Improper Input Validation
TP-Link tl-r600vpn_firmware Improper Input Validation
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.
Affected: TP-Link tl-r600vpn_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.checkpoint.com/security/december-2021s-most-wanted-malware-trickbot-emotet-and-the-log4j-plague/; https://blog.checkpoint.com/security/april-2022s-most
No detection rules found.
No public exploits indexed.
Talos
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
blogs_talos·2023-08-02
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
## The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
Since the discovery of the widespread VPNFilter malware in 2018 , Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers.
During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141 advisories covering 289 CVEs across multiple routers.
Talos is highlighting some of the major issues our researchers discovered over the past several years, including vulnerabilities that an attacker could mostly directly access or those an adversary could chain together to gain elevated access to the devices.
There are several Snort rules that can detect possible exploitation of the vulnerabilitie
Talos
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
blogs_talos·2023-08-02
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
- Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers.
- During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141 advisories covering 289 CVEs across multiple routers.
- Talos is highlighting some of the major issues our researchers discovered over the past several years, including vulnerabilities that an attacker could mostly directly access or those an adversary could chain together to gain elevated access to the devices.
- There are several Snort rules that can detect possible exploitation of the vulnerabilities included in this post.
Small office/home office (SOHO) routers and small-scale industrial rout
Talos
Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
blogs_talos·2018-11-19·CVSS 7.5
[HIGH] Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
Vulnerabilities discovered by Carl Hurd and Jared Rittle of Cisco Talos.
Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in this particular router model that could lead to remote code execution.
## Overview
There are two root causes of the vulnerabilities: a lack of input sanitisation and parsing errors. The lack of proper input sanitisation leads the vulnerabilities TALOS-2018-0617/18, which can be exploited without authentication. Parsing errors are responsible for the vulnerabilities TALOS-2018-0619/20. However, these can only be exploited with an authenticated session. The remote code execution is done under the context of HTTPD How
Talos
Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
blogs_talos·2018-11-19·CVSS 7.5
[HIGH] Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
## Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
Vulnerabilities discovered by Carl Hurd and Jared Rittle of Cisco Talos. Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in this particular router model that could lead to remote code execution.
## Overview
There are two root causes of the vulnerabilities: a lack of input sanitisation and parsing errors. The lack of proper input sanitisation leads the vulnerabilities TALOS-2018-0617/18, which can be exploited without authentication. Parsing errors are responsible for the vulnerabilities TALOS-2018-0619/20. However, these can only be exploited with an authe
2018-11-30
Published
Exploited in the wild