Details of VAR-201908-0587

ID

VAR-201908-0587

CVE

CVE-2019-13266

TITLE

TP-Link Archer C3200 V1 and Archer C2 V1 Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-008819

DESCRIPTION

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. The TP-Link Archer C3200 and Archer C2 are both wireless routers from China's TP-Link. The vulnerability stems from the fact that the program does not fully isolate the host network and guest network on the same device

Trust: 2.25

sources: NVD: CVE-2019-13266 // JVNDB: JVNDB-2019-008819 // CNVD: CNVD-2019-31311 // VULHUB: VHN-145095

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-31311

AFFECTED PRODUCTS

vendor:	tp link	model:	archer c2 v1	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	archer c3200 v1	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	archer c2	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c3200	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c3200	scope:	eq	version:	v1	Trust: 0.6
vendor:	tp link	model:	archer c2	scope:	eq	version:	v1	Trust: 0.6

sources: CNVD: CNVD-2019-31311 // JVNDB: JVNDB-2019-008819 // NVD: CVE-2019-13266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13266
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13266
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-31311
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-2077
value:	HIGH
Trust: 0.6
VULHUB:	VHN-145095
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-13266
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-31311
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-145095
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-13266
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-31311 // VULHUB: VHN-145095 // JVNDB: JVNDB-2019-008819 // CNNVD: CNNVD-201908-2077 // NVD: CVE-2019-13266

PROBLEMTYPE DATA

problemtype:	CWE-669	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-145095 // JVNDB: JVNDB-2019-008819 // NVD: CVE-2019-13266

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-2077

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2077

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008819

PATCH

title:	Archer C2	url:	https://www.tp-link.com/us/home-networking/wifi-router/archer-c2/	Trust: 0.8
title:	Archer C3200	url:	https://www.tp-link.com/us/home-networking/wifi-router/archer-c3200/	Trust: 0.8

sources: JVNDB: JVNDB-2019-008819

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13266	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-008819	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-2077	Trust: 0.7
db:	CNVD	id:	CNVD-2019-31311	Trust: 0.6
db:	VULHUB	id:	VHN-145095	Trust: 0.1

sources: CNVD: CNVD-2019-31311 // VULHUB: VHN-145095 // JVNDB: JVNDB-2019-008819 // CNNVD: CNNVD-201908-2077 // NVD: CVE-2019-13266

REFERENCES

url:	https://www.usenix.org/system/files/woot19-paper_ovadia.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13266	Trust: 2.0
url:	https://orenlab.sise.bgu.ac.il/publications/crossrouter	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13266	Trust: 0.8

sources: CNVD: CNVD-2019-31311 // VULHUB: VHN-145095 // JVNDB: JVNDB-2019-008819 // CNNVD: CNNVD-201908-2077 // NVD: CVE-2019-13266

SOURCES

db:	CNVD	id:	CNVD-2019-31311
db:	VULHUB	id:	VHN-145095
db:	JVNDB	id:	JVNDB-2019-008819
db:	CNNVD	id:	CNNVD-201908-2077
db:	NVD	id:	CVE-2019-13266

LAST UPDATE DATE

2024-11-23T23:11:45.841000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-31311	date:	2019-09-12T00:00:00
db:	VULHUB	id:	VHN-145095	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-008819	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-2077	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-13266	date:	2024-11-21T04:24:34.910

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-31311	date:	2019-09-11T00:00:00
db:	VULHUB	id:	VHN-145095	date:	2019-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-008819	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-2077	date:	2019-08-27T00:00:00
db:	NVD	id:	CVE-2019-13266	date:	2019-08-27T18:15:10.827