Talos Tp-Link vulnerabilities
3 known vulnerabilities affecting talos/tp-link.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2018-3949P2HIGHCVSS 7.5ExploitedvTP-Link TL-R600VPN HWv3 FRNv1.3.0 TP-Link TL-R600VPN HWv2 FRNv1.2.32018-12-01
CVE-2018-3949 [HIGH] CWE-22 CVE-2018-3949: An exploitable information disclosure vulnerability exists in the HTTP server functionality of the T
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.
nvd
CVE-2018-3950P3HIGHCVSS 8.8vTP-Link TL-R600VPN HWv3 FRNv1.3.0 TP-Link TL-R600VPN HWv2 FRNv1.2.32018-12-01
CVE-2018-3950 [HIGH] CWE-787 CVE-2018-3950: An exploitable remote code execution vulnerability exists in the ping and tracert functionality of t
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2018-3951P3HIGHCVSS 7.2vTP-Link TL-R600VPN HWv3 FRNv1.3.02018-12-01
CVE-2018-3951 [HIGH] CWE-119 CVE-2018-3951: An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.
nvd