Sign-up

ID

VAR-E-201702-0419


TITLE

Multiple TP-Link Routers Multiple Security Vulnerabilities

Trust: 0.3

sources: BID: 96179

DESCRIPTION

Multiple TP-Link Routers are prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. A security-bypass vulnerability
3. A command-injection vulnerability
An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions, cause denial-of-service conditions or to execute arbitrary commands with user privileges in context of the affected application.
The following products are vulnerable:
TP-Link Archer C2 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n.
TP-Link Archer C20i 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n.

Trust: 0.3

sources: BID: 96179

AFFECTED PRODUCTS

vendor:tp linkmodel:archer c20i build rel.37scope:eqversion:0.9.14.2v0032.0160706

Trust: 0.3

vendor:tp linkmodel:archer c2 build rel.379scope:eqversion:0.9.14.2v0032.0160706

Trust: 0.3

sources: BID: 96179

EXPLOIT

The researcher has created a proof-of-concept to demonstrate these issues. Please see the references for more information.

Trust: 0.3

sources: BID: 96179

PRICE

Free

Trust: 0.3

sources: BID: 96179

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 96179

CREDITS

Pierre Kim.

Trust: 0.3

sources: BID: 96179

EXTERNAL IDS

db:BIDid:96179

Trust: 0.3

sources: BID: 96179

REFERENCES

url:http://www.tp-link.com/en/

Trust: 0.3

url:https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Trust: 0.3

sources: BID: 96179

SOURCES

db:BIDid:96179

LAST UPDATE DATE

2022-07-27T09:35:07.908000+00:00


SOURCES UPDATE DATE

db:BIDid:96179date:2017-03-07T04:02:00

SOURCES RELEASE DATE

db:BIDid:96179date:2017-02-09T00:00:00