Details of VAR-201204-0036

ID

VAR-201204-0036

CVE

CVE-2012-2440

TITLE

TP-Link 8840T DSL Router Security Bypass Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-1752 // BID: 52852

DESCRIPTION

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. TP-Link 8840T Has a problem with the remote management feature enabled by default. ADSL It is a router with a built-in modem TP-Link 8840T Since the remote management function is enabled by default, the management screen may be accessed from the outside.A remote attacker may access the product management screen and change the settings. The TP-Link 8840T is a DSL router. Unauthenticated remote attackers can bypass the security restrictions to access the WEB interface. TP-Link 8840T is prone to a security-bypass vulnerability

Trust: 3.51

sources: NVD: CVE-2012-2440 // CERT/CC: VU#834723 // JVNDB: JVNDB-2012-001990 // CNVD: CNVD-2012-1752 // BID: 52852 // BID: 78202 // VULHUB: VHN-55721

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-1752

AFFECTED PRODUCTS

vendor:	tp link	model:	8840t	scope:	eq	version:	-	Trust: 1.9
vendor:	tp link	model:	8840t	scope:	eq	version:	0	Trust: 0.9
vendor:	tp link	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tp-link 8840t	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#834723 // CNVD: CNVD-2012-1752 // BID: 52852 // BID: 78202 // JVNDB: JVNDB-2012-001990 // CNNVD: CNNVD-201204-541 // NVD: CVE-2012-2440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2440
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-2440
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201204-541
value:	HIGH
Trust: 0.6
VULHUB:	VHN-55721
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-2440
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-55721
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-55721 // JVNDB: JVNDB-2012-001990 // CNNVD: CNNVD-201204-541 // NVD: CVE-2012-2440

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-55721 // JVNDB: JVNDB-2012-001990 // NVD: CVE-2012-2440

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201204-095 // CNNVD: CNNVD-201204-541

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201204-541

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001990

PATCH

title:

Top Page

url:

http://www.tp-link.com/en/

Trust: 0.8

sources: JVNDB: JVNDB-2012-001990

EXTERNAL IDS

db:	CERT/CC	id:	VU#834723	Trust: 4.5
db:	NVD	id:	CVE-2012-2440	Trust: 2.8
db:	BID	id:	52852	Trust: 1.5
db:	JVNDB	id:	JVNDB-2012-001990	Trust: 0.8
db:	CNNVD	id:	CNNVD-201204-541	Trust: 0.7
db:	CNVD	id:	CNVD-2012-1752	Trust: 0.6
db:	CNNVD	id:	CNNVD-201204-095	Trust: 0.6
db:	BID	id:	78202	Trust: 0.4
db:	XF	id:	74624	Trust: 0.3
db:	VULHUB	id:	VHN-55721	Trust: 0.1

sources: CERT/CC: VU#834723 // CNVD: CNVD-2012-1752 // VULHUB: VHN-55721 // BID: 52852 // BID: 78202 // JVNDB: JVNDB-2012-001990 // CNNVD: CNNVD-201204-095 // CNNVD: CNNVD-201204-541 // NVD: CVE-2012-2440

REFERENCES

url:	http://www.kb.cert.org/vuls/id/834723	Trust: 3.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/74624	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2440	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu834723/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2440	Trust: 0.8
url:	http://www.securityfocus.com/bid/52852	Trust: 0.6
url:	http://www.tp-link.com/en/support/download/?model=tl-wr740n	Trust: 0.3
url:	http://xforce.iss.net/xforce/xfdb/74624	Trust: 0.3

CREDITS

Jakob Lell

Trust: 0.9

sources: BID: 52852 // CNNVD: CNNVD-201204-095

SOURCES

db:	CERT/CC	id:	VU#834723
db:	CNVD	id:	CNVD-2012-1752
db:	VULHUB	id:	VHN-55721
db:	BID	id:	52852
db:	BID	id:	78202
db:	JVNDB	id:	JVNDB-2012-001990
db:	CNNVD	id:	CNNVD-201204-095
db:	CNNVD	id:	CNNVD-201204-541
db:	NVD	id:	CVE-2012-2440

LAST UPDATE DATE

2025-04-11T23:09:59.185000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#834723	date:	2013-04-03T00:00:00
db:	CNVD	id:	CNVD-2012-1752	date:	2012-04-06T00:00:00
db:	VULHUB	id:	VHN-55721	date:	2017-08-29T00:00:00
db:	BID	id:	52852	date:	2012-04-02T00:00:00
db:	BID	id:	78202	date:	2012-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2012-001990	date:	2012-05-01T00:00:00
db:	CNNVD	id:	CNNVD-201204-095	date:	2012-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201204-541	date:	2012-04-28T00:00:00
db:	NVD	id:	CVE-2012-2440	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#834723	date:	2012-04-02T00:00:00
db:	CNVD	id:	CNVD-2012-1752	date:	2012-04-06T00:00:00
db:	VULHUB	id:	VHN-55721	date:	2012-04-28T00:00:00
db:	BID	id:	52852	date:	2012-04-02T00:00:00
db:	BID	id:	78202	date:	2012-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2012-001990	date:	2012-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201204-095	date:	2012-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201204-541	date:	2012-04-28T00:00:00
db:	NVD	id:	CVE-2012-2440	date:	2012-04-28T00:55:01.313