Sign-up

ID

VAR-201704-1323


CVE

CVE-2017-8217


TITLE

TP-Link C2 and C20i Vulnerabilities related to security functions in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-003636

DESCRIPTION

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. TP-Link C2 and C20i The device firmware contains vulnerabilities related to security functions.Information may be tampered with. TP-LinkC2 and C20i are router devices of China Pulian. TP-LinkC2 and C20i have security bypass vulnerabilities that can be exploited by remote attackers to submit special requests to bypass security restrictions and perform unauthorized operations. There is no more detailed information about this vulnerability yet, please keep an eye on CNNVD or vendor announcements

Trust: 2.25

sources: NVD: CVE-2017-8217 // JVNDB: JVNDB-2017-003636 // CNVD: CNVD-2017-06225 // VULHUB: VHN-116420

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06225

AFFECTED PRODUCTS

vendor:tp linkmodel:c20iscope:lteversion:0.9.1_4.2_v0032.0_build_160706

Trust: 1.0

vendor:tp linkmodel:c2scope:lteversion:0.9.1_4.2_v0032.0_build_160706

Trust: 1.0

vendor:tp linkmodel:c2scope:lteversion:0.9.1 4.2 v0032.0 build 160706 rel.37961n

Trust: 0.8

vendor:tp linkmodel:c20iscope:lteversion:0.9.1 4.2 v0032.0 build 160706 rel.37961n

Trust: 0.8

vendor:tp linkmodel:c2scope: - version: -

Trust: 0.6

vendor:tp linkmodel:c20iscope: - version: -

Trust: 0.6

vendor:tp linkmodel:c2scope:eqversion:0.9.1_4.2_v0032.0_build_160706

Trust: 0.6

vendor:tp linkmodel:c20iscope:eqversion:0.9.1_4.2_v0032.0_build_160706

Trust: 0.6

sources: CNVD: CNVD-2017-06225 // JVNDB: JVNDB-2017-003636 // CNNVD: CNNVD-201704-1461 // NVD: CVE-2017-8217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8217
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8217
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06225
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-1461
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116420
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8217
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06225
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116420
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8217
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06225 // VULHUB: VHN-116420 // JVNDB: JVNDB-2017-003636 // CNNVD: CNNVD-201704-1461 // NVD: CVE-2017-8217

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-116420 // JVNDB: JVNDB-2017-003636 // NVD: CVE-2017-8217

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1461

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201704-1461

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003636

PATCH
title:Details - CVE-2017-8217 - Permissive Iptables rulesurl:https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
Trust: 0.8
title:TP-LinkC2 and C20iCVE-2017-8217 security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/93373
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06225 // 
            
            
            
            JVNDB: JVNDB-2017-003636

EXTERNAL IDS
db:NVDid:CVE-2017-8217
Trust: 3.1
db:JVNDBid:JVNDB-2017-003636
Trust: 0.8
db:CNNVDid:CNNVD-201704-1461
Trust: 0.7
db:CNVDid:CNVD-2017-06225
Trust: 0.6
db:VULHUBid:VHN-116420
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-06225 // 
            
            
            
            VULHUB: VHN-116420 // 
            
            
            
            JVNDB: JVNDB-2017-003636 // 
            
            
            
            CNNVD: CNNVD-201704-1461 // 
            
            
            
            NVD: CVE-2017-8217

REFERENCES
url:https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2017-8217
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8217
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-06225 // 
            
            
            
            VULHUB: VHN-116420 // 
            
            
            
            JVNDB: JVNDB-2017-003636 // 
            
            
            
            CNNVD: CNNVD-201704-1461 // 
            
            
            
            NVD: CVE-2017-8217

SOURCES
db:CNVDid:CNVD-2017-06225
db:VULHUBid:VHN-116420
db:JVNDBid:JVNDB-2017-003636
db:CNNVDid:CNNVD-201704-1461
db:NVDid:CVE-2017-8217

LAST UPDATE DATE
2025-04-20T23:38:31.923000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-06225date:2017-05-10T00:00:00
db:VULHUBid:VHN-116420date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2017-003636date:2017-06-01T00:00:00
db:CNNVDid:CNNVD-201704-1461date:2020-10-23T00:00:00
db:NVDid:CVE-2017-8217date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-06225date:2017-05-09T00:00:00
db:VULHUBid:VHN-116420date:2017-04-25T00:00:00
db:JVNDBid:JVNDB-2017-003636date:2017-06-01T00:00:00
db:CNNVDid:CNNVD-201704-1461date:2017-04-27T00:00:00
db:NVDid:CVE-2017-8217date:2017-04-25T20:59:00.163