Sign-up

ID

VAR-201704-1325


CVE

CVE-2017-8219


TITLE

TP-Link C2 and C20i Vulnerability related to input validation in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-003638

DESCRIPTION

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. TP-Link C2 and C20i There is an input validation vulnerability in the device firmware.Service operation interruption (DoS) An attack may be carried out. TP-Link is a Chinese network equipment manufacturer such as routers and IOT equipment. A denial of service vulnerability exists in TP-LinkC2 and C20i. An attacker could exploit the vulnerability by sending an HTTP request to the affected device, causing the HTTP server to crash, causing a denial of service. Both TP-Link C2 and C20i are routers manufactured by China Pulian (TP-LINK). TP-Link C2 and C20i with 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n and earlier firmware have security vulnerabilities

Trust: 2.25

sources: NVD: CVE-2017-8219 // JVNDB: JVNDB-2017-003638 // CNVD: CNVD-2017-01738 // VULHUB: VHN-116422

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01738

AFFECTED PRODUCTS

vendor:tp linkmodel:c20iscope:lteversion:0.9.1_4.2_v0032.0_build_160706

Trust: 1.0

vendor:tp linkmodel:c2scope:lteversion:0.9.1_4.2_v0032.0_build_160706

Trust: 1.0

vendor:tp linkmodel:c2scope:lteversion:0.9.1 4.2 v0032.0 build 160706 rel.37961n

Trust: 0.8

vendor:tp linkmodel:c20iscope:lteversion:0.9.1 4.2 v0032.0 build 160706 rel.37961n

Trust: 0.8

vendor:tp linkmodel:c2scope: - version: -

Trust: 0.6

vendor:tp linkmodel:c20iscope: - version: -

Trust: 0.6

vendor:tp linkmodel:c2scope:eqversion:0.9.1_4.2_v0032.0_build_160706

Trust: 0.6

vendor:tp linkmodel:c20iscope:eqversion:0.9.1_4.2_v0032.0_build_160706

Trust: 0.6

sources: CNVD: CNVD-2017-01738 // JVNDB: JVNDB-2017-003638 // NVD: CVE-2017-8219 // CNNVD: CNNVD-201704-1459

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-8219
value: MEDIUM

Trust: 1.8

CNVD: CNVD-2017-01738
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-1459
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116422
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-8219
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-01738
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116422
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2017-8219
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-01738 // VULHUB: VHN-116422 // JVNDB: JVNDB-2017-003638 // NVD: CVE-2017-8219 // CNNVD: CNNVD-201704-1459

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-116422 // JVNDB: JVNDB-2017-003638 // NVD: CVE-2017-8219

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1459

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-1459

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2017-8219

PATCH
title:Details - CVE-2017-8219 - DoSing the HTTP serverurl:https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-003638

EXTERNAL IDS
db:NVDid:CVE-2017-8219
Trust: 3.1
db:JVNDBid:JVNDB-2017-003638
Trust: 0.8
db:CNNVDid:CNNVD-201704-1459
Trust: 0.7
db:PACKETSTORMid:140992
Trust: 0.6
db:CNVDid:CNVD-2017-01738
Trust: 0.6
db:VULHUBid:VHN-116422
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01738 // 
            
            
            
            VULHUB: VHN-116422 // 
            
            
            
            JVNDB: JVNDB-2017-003638 // 
            
            
            
            NVD: CVE-2017-8219 // 
            
            
            
            CNNVD: CNNVD-201704-1459

REFERENCES
url:https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8219
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8219
Trust: 0.8
url:https://packetstormsecurity.com/files/140992/tp-link-c2-c20i-command-injection-denial-of-service.html
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-01738 // 
            
            
            
            VULHUB: VHN-116422 // 
            
            
            
            JVNDB: JVNDB-2017-003638 // 
            
            
            
            NVD: CVE-2017-8219 // 
            
            
            
            CNNVD: CNNVD-201704-1459

SOURCES
db:CNVDid:CNVD-2017-01738
db:VULHUBid:VHN-116422
db:JVNDBid:JVNDB-2017-003638
db:NVDid:CVE-2017-8219
db:CNNVDid:CNNVD-201704-1459

LAST UPDATE DATE
2023-12-18T12:51:19.804000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01738date:2017-02-22T00:00:00
db:VULHUBid:VHN-116422date:2017-05-09T00:00:00
db:JVNDBid:JVNDB-2017-003638date:2017-06-01T00:00:00
db:NVDid:CVE-2017-8219date:2017-05-09T12:46:53.803
db:CNNVDid:CNNVD-201704-1459date:2017-04-27T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-01738date:2017-02-22T00:00:00
db:VULHUBid:VHN-116422date:2017-04-25T00:00:00
db:JVNDBid:JVNDB-2017-003638date:2017-06-01T00:00:00
db:NVDid:CVE-2017-8219date:2017-04-25T20:59:00.227
db:CNNVDid:CNNVD-201704-1459date:2017-04-27T00:00:00