ID

VAR-201811-0489


CVE

CVE-2018-3948


TITLE

TP-Link TL-R600VPN HTTP Server input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012635

DESCRIPTION

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. TP-Link TL-R600VPN HTTP The server contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-R600VPN is an enterprise router of China TP-LINK. HTTPServer is one of the HTTP servers

Trust: 2.16

sources: NVD: CVE-2018-3948 // JVNDB: JVNDB-2018-012635 // CNVD: CNVD-2018-23627

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-23627

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-r600vpnscope:eqversion:1.3.0

Trust: 1.6

vendor:tp linkmodel:tl-r600vpnscope:eqversion:1.2.3

Trust: 1.6

vendor:tp linkmodel:tl-r600vpnscope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-r600vpn hwv3 frnv1.3.0scope: - version: -

Trust: 0.6

vendor:tp linkmodel:tl-r600vpn hwv2 frnv1.2.3scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3948
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3948
value: HIGH

Trust: 1.0

NVD: CVE-2018-3948
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-23627
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-624
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-3948
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-23627
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2018-3948
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2018-3948
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948 // NVD: CVE-2018-3948

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-012635 // NVD: CVE-2018-3948

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-624

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201811-624

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012635

PATCH

title:TL-R600VPNurl:https://www.tp-link.com/us/products/details/cat-4909_TL-R600VPN.html

Trust: 0.8

title:TP-LinkTL-R600VPNHTTPServer denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/145073

Trust: 0.6

title:TP-Link TL-R600VPN HTTP Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86961

Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624

EXTERNAL IDS

db:NVDid:CVE-2018-3948

Trust: 3.0

db:TALOSid:TALOS-2018-0617

Trust: 3.0

db:JVNDBid:JVNDB-2018-012635

Trust: 0.8

db:CNVDid:CNVD-2018-23627

Trust: 0.6

db:CNNVDid:CNNVD-201811-624

Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2018-0617

Trust: 2.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3948

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-3948

Trust: 0.8

url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0617

Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948

SOURCES

db:CNVDid:CNVD-2018-23627
db:JVNDBid:JVNDB-2018-012635
db:CNNVDid:CNNVD-201811-624
db:NVDid:CVE-2018-3948

LAST UPDATE DATE

2024-11-23T22:38:01.905000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-23627date:2018-11-22T00:00:00
db:JVNDBid:JVNDB-2018-012635date:2019-02-06T00:00:00
db:CNNVDid:CNNVD-201811-624date:2022-04-20T00:00:00
db:NVDid:CVE-2018-3948date:2024-11-21T04:06:21.860

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-23627date:2018-11-22T00:00:00
db:JVNDBid:JVNDB-2018-012635date:2019-02-06T00:00:00
db:CNNVDid:CNNVD-201811-624date:2018-11-21T00:00:00
db:NVDid:CVE-2018-3948date:2018-11-30T17:29:00.410