Sign-up

ID

VAR-201706-0765


CVE

CVE-2017-9466


TITLE

TP-Link WR841N V8 Vulnerabilities related to the use of cryptographic algorithms in routers

Trust: 0.8

sources: JVNDB: JVNDB-2017-005275

DESCRIPTION

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces. TP-Link WR841N V8 The router contains a vulnerability related to the use of cryptographic algorithms.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TP-LinkWR841N is a SOHO wireless router. An arbitrary code execution vulnerability exists in TP-LINKWR841NV8 and earlier. An attacker can bypass the access restrictions to reset the router's authentication information (password, etc.). After exploiting this vulnerability for higher privileges, an attacker could again exploit the stack overflow vulnerability in a configuration service to execute code. TP-Link WR841N V8 is a wireless router product of China Pulian (TP-LINK) company. executable httpd is one of the executable HTTP server programs. There is a security vulnerability in executable httpd in versions earlier than TP-Link WR841N V8 TL-WR841N(UN)_V8_170210

Trust: 2.25

sources: NVD: CVE-2017-9466 // JVNDB: JVNDB-2017-005275 // CNVD: CNVD-2017-10556 // VULHUB: VHN-117669

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-10556

AFFECTED PRODUCTS

vendor:tp linkmodel:wr841n v8scope:lteversion:tl-wr841n_v8_140724

Trust: 1.0

vendor:tp linkmodel:tl-wr841n v8scope:ltversion:tl-wr841n(un)_v8_170210

Trust: 0.8

vendor:tp linkmodel:wr841nscope:lteversion:<=v8

Trust: 0.6

vendor:tp linkmodel:wr841n v8scope:eqversion:tl-wr841n_v8_140724

Trust: 0.6

sources: CNVD: CNVD-2017-10556 // JVNDB: JVNDB-2017-005275 // CNNVD: CNNVD-201706-157 // NVD: CVE-2017-9466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9466
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9466
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-10556
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-157
value: HIGH

Trust: 0.6

VULHUB: VHN-117669
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9466
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-10556
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117669
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9466
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-10556 // VULHUB: VHN-117669 // JVNDB: JVNDB-2017-005275 // CNNVD: CNNVD-201706-157 // NVD: CVE-2017-9466

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.9

sources: VULHUB: VHN-117669 // JVNDB: JVNDB-2017-005275 // NVD: CVE-2017-9466

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-157

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201706-157

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005275

PATCH
title:TL-WR841Nurl:http://www.tp-link.jp/products/details/cat-9_TL-WR841N.html
Trust: 0.8
title:TP-LINKWR841N router patch for arbitrary code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/96109
Trust: 0.6
title:TP-Link WR841N V8 executable httpd Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70789
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-10556 // 
            
            
            
            JVNDB: JVNDB-2017-005275 // 
            
            
            
            CNNVD: CNNVD-201706-157

EXTERNAL IDS
db:NVDid:CVE-2017-9466
Trust: 3.1
db:JVNDBid:JVNDB-2017-005275
Trust: 0.8
db:CNNVDid:CNNVD-201706-157
Trust: 0.7
db:CNVDid:CNVD-2017-10556
Trust: 0.6
db:SEEBUGid:SSVID-93219
Trust: 0.1
db:VULHUBid:VHN-117669
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-10556 // 
            
            
            
            VULHUB: VHN-117669 // 
            
            
            
            JVNDB: JVNDB-2017-005275 // 
            
            
            
            CNNVD: CNNVD-201706-157 // 
            
            
            
            NVD: CVE-2017-9466

REFERENCES
url:http://blog.senr.io/blog/cve-2017-9466-why-is-my-router-blinking-morse-code
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9466
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9466
Trust: 0.8
url:http://www.ibtimes.com/router-vulnerability-tp-link-issues-patch-fix-remote-code-execution-exploit-old-2555113
Trust: 0.6
url:https://threatpost.com/tp-link-fixes-code-execution-vulnerability-in-end-of-life-routers/126416/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-10556 // 
            
            
            
            VULHUB: VHN-117669 // 
            
            
            
            JVNDB: JVNDB-2017-005275 // 
            
            
            
            CNNVD: CNNVD-201706-157 // 
            
            
            
            NVD: CVE-2017-9466

SOURCES
db:CNVDid:CNVD-2017-10556
db:VULHUBid:VHN-117669
db:JVNDBid:JVNDB-2017-005275
db:CNNVDid:CNNVD-201706-157
db:NVDid:CVE-2017-9466

LAST UPDATE DATE
2025-04-20T23:13:05.419000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-10556date:2017-07-25T00:00:00
db:VULHUBid:VHN-117669date:2017-07-06T00:00:00
db:JVNDBid:JVNDB-2017-005275date:2017-07-25T00:00:00
db:CNNVDid:CNNVD-201706-157date:2017-07-06T00:00:00
db:NVDid:CVE-2017-9466date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-10556date:2017-06-21T00:00:00
db:VULHUBid:VHN-117669date:2017-06-26T00:00:00
db:JVNDBid:JVNDB-2017-005275date:2017-07-25T00:00:00
db:CNNVDid:CNNVD-201706-157date:2017-06-07T00:00:00
db:NVDid:CVE-2017-9466date:2017-06-26T07:29:00.340