Details of VAR-201811-0489

ID

VAR-201811-0489

CVE

CVE-2018-3948

TITLE

TP-Link TL-R600VPN HTTP Server input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012635

DESCRIPTION

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. TP-Link TL-R600VPN HTTP The server contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-R600VPN is an enterprise router of China TP-LINK. HTTPServer is one of the HTTP servers

Trust: 2.16

sources: NVD: CVE-2018-3948 // JVNDB: JVNDB-2018-012635 // CNVD: CNVD-2018-23627

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-23627

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-r600vpn	scope:	eq	version:	1.3.0	Trust: 1.6
vendor:	tp link	model:	tl-r600vpn	scope:	eq	version:	1.2.3	Trust: 1.6
vendor:	tp link	model:	tl-r600vpn	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-r600vpn hwv3 frnv1.3.0	scope:	-	version:	-	Trust: 0.6
vendor:	tp link	model:	tl-r600vpn hwv2 frnv1.2.3	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-3948
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2018-3948
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-3948
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-23627
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201811-624
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-3948
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-23627
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

talos-cna@cisco.com:	CVE-2018-3948
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2018-3948
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948 // NVD: CVE-2018-3948

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2018-012635 // NVD: CVE-2018-3948

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-624

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201811-624

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012635

PATCH

title:	TL-R600VPN	url:	https://www.tp-link.com/us/products/details/cat-4909_TL-R600VPN.html	Trust: 0.8
title:	TP-LinkTL-R600VPNHTTPServer denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/145073	Trust: 0.6
title:	TP-Link TL-R600VPN HTTP Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86961	Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624

EXTERNAL IDS

db:	NVD	id:	CVE-2018-3948	Trust: 3.0
db:	TALOS	id:	TALOS-2018-0617	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-012635	Trust: 0.8
db:	CNVD	id:	CNVD-2018-23627	Trust: 0.6
db:	CNNVD	id:	CNNVD-201811-624	Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0617	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3948	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3948	Trust: 0.8
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0617	Trust: 0.6

sources: CNVD: CNVD-2018-23627 // JVNDB: JVNDB-2018-012635 // CNNVD: CNNVD-201811-624 // NVD: CVE-2018-3948

SOURCES

db:	CNVD	id:	CNVD-2018-23627
db:	JVNDB	id:	JVNDB-2018-012635
db:	CNNVD	id:	CNNVD-201811-624
db:	NVD	id:	CVE-2018-3948

LAST UPDATE DATE

2024-08-14T15:23:16.317000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-23627	date:	2018-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-012635	date:	2019-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201811-624	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2018-3948	date:	2023-02-03T18:29:06.147

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-23627	date:	2018-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-012635	date:	2019-02-06T00:00:00
db:	CNNVD	id:	CNNVD-201811-624	date:	2018-11-21T00:00:00
db:	NVD	id:	CVE-2018-3948	date:	2018-11-30T17:29:00.410