SB2018112001 - Multiple vulnerabilities in TP-Link TL-R600VPN

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018112001

SB2018112001 - Multiple vulnerabilities in TP-Link TL-R600VPN

Published: November 20, 2018

Security Bulletin ID SB2018112001
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2018-3948)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop condition in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted URL and cause the server to stop responding to requests, resulting in downtime for the management portal.

2) Path traversal (CVE-ID: CVE-2018-3949)

The vulnerability allows a remote attacker to conduct directory traversal attack on the target system.

The weakness exists due to an error in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted URL, conduct directory traversal attack and access important data.

3) Stack-based buffer overflow (CVE-ID: CVE-2018-3950)

The vulnerability allows a remote administrative attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow in the ping and tracert functionality of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted IP address, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Buffer overflow (CVE-ID: CVE-2018-3951)

The vulnerability allows a remote administrative attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted HTTP request, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References