cbcvebase.

Tp-Link Tl-R600Vpn Firmware vulnerabilities

3 known vulnerabilities affecting tp-link/tl-r600vpn_firmware.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
2
Severity breakdown
HIGH3

Vulnerabilities

Page 1 of 1
CVE-2018-3949P2HIGHCVSS 7.5Exploitedv1.3.0v1.2.32018-12-01
CVE-2018-3949 [HIGH] CWE-22 CVE-2018-3949: An exploitable information disclosure vulnerability exists in the HTTP server functionality of the T An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.
nvd
CVE-2018-3948P2HIGHCVSS 7.5Exploitedv1.3.0v1.2.32018-11-30
CVE-2018-3948 [HIGH] CWE-20 CVE-2018-3948: An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Lin An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerabilit
nvd
CVE-2018-3950P3HIGHCVSS 8.8v1.3.0v1.2.32018-12-01
CVE-2018-3950 [HIGH] CWE-787 CVE-2018-3950: An exploitable remote code execution vulnerability exists in the ping and tracert functionality of t An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.
nvd
Tp-Link Tl-R600Vpn Firmware vulnerabilities | cvebase