Buffer overflow in TL-R600VPN - CVE-2018-3951
Published: November 20, 2018
Vulnerability identifier: #VU15966
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-3951
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TP-Link
Affected software:
TL-R600VPN
Detailed vulnerability description
The vulnerability allows a remote attacker with administrative privileges to execute arbitrary code on the target system.
The weakness is a buffer overflow in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP server, triggered when the server handles malicious input. A remote attacker can send a specially crafted HTTP request to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-3951
Update to version 4.0.