Tp-Link C20I Firmware vulnerabilities
4 known vulnerabilities affecting tp-link/c20i_firmware.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2017-8220P2CRITICALCVSS 9.9≤ 0.9.1_4.2_v0032.0_build_1607062017-04-25
CVE-2017-8220 [CRITICAL] CWE-78 CVE-2017-8220: TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
nvd
CVE-2017-8218P2CRITICALCVSS 9.8≤ 0.9.1_4.2_v0032.0_build_1607062017-04-25
CVE-2017-8218 [CRITICAL] CWE-1188 CVE-2017-8218: vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
nvd
CVE-2017-8219P4MEDIUMCVSS 6.5≤ 0.9.1_4.2_v0032.0_build_1607062017-04-25
CVE-2017-8219 [MEDIUM] CWE-20 CVE-2017-8219: TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
nvd
CVE-2017-8217P4MEDIUMCVSS 5.3≤ 0.9.1_4.2_v0032.0_build_1607062017-04-25
CVE-2017-8217 [MEDIUM] CWE-862 CVE-2017-8217: TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too perm
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
nvd