SB2018112001 - Multiple vulnerabilities in TP-Link TL-R600VPN

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018112001

SB2018112001 - Multiple vulnerabilities in TP-Link TL-R600VPN

Published: November 20, 2018

Security Bulletin ID SB2018112001
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2018-3948)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to infinite loop condition in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted URL and cause the server to stop responding to requests, resulting in downtime for the management portal.

2) Path traversal (CVE-ID: CVE-2018-3949)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to conduct directory traversal attack on the target system.

The weakness exists due to an error in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted URL, conduct directory traversal attack and access important data.

3) Stack-based buffer overflow (CVE-ID: CVE-2018-3950)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote administrative attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow in the ping and tracert functionality of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted IP address, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Buffer overflow (CVE-ID: CVE-2018-3951)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote administrative attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP server when handling malicious input. A remote attacker can supply a specially crafted HTTP request, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References