Details of VAR-201710-0217

ID

VAR-201710-0217

CVE

CVE-2017-14250

TITLE

TP-LINK TL-WR741N and TL-WR741ND 150M Wireless Lite N Router Vulnerabilities related to input validation in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009867

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. TP-LINK TL-WR741N and TL-WR741ND 150M Wireless Lite N Router Contains a vulnerability related to input validation.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LINKTL-WR741N and TL-WR741ND150MWirelessLiteNRouter are wireless router products of China TP-LINK. A security vulnerability exists in the TP-LINKTL-WR741N and TL-WR741ND150MWirelessLiteNRouter using 3.11.7Build100603Rel.56412n firmware and WR741Nv1/v200000000 hardware. The vulnerability stems from the program failing to properly verify the 'SSID' parameter in 'WirelessSettings'. An attacker could exploit the vulnerability to inject malicious code that would prevent the user from changing the wireless settings. 'SSID' parameter in Wireless Settings'

Trust: 2.25

sources: NVD: CVE-2017-14250 // JVNDB: JVNDB-2017-009867 // CNVD: CNVD-2018-01161 // VULHUB: VHN-104954

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-01161

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr741n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr741nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr741nd 150m wireless lite n router build rel.56412n	scope:	eq	version:	3.11.7100603	Trust: 0.6
vendor:	tp link	model:	tl-wr741nd 150m wireless lite n router wr741n	scope:	eq	version:	v1/v200000000	Trust: 0.6
vendor:	tp link	model:	tl-wr741n build rel.56412n	scope:	eq	version:	3.11.7100603	Trust: 0.6
vendor:	tp link	model:	tl-wr741n wr741n	scope:	eq	version:	v1/v200000000	Trust: 0.6
vendor:	tp link	model:	tl-wr741n	scope:	eq	version:	3.11.7	Trust: 0.6
vendor:	tp link	model:	tl-wr741nd	scope:	eq	version:	3.11.7	Trust: 0.6

sources: CNVD: CNVD-2018-01161 // JVNDB: JVNDB-2017-009867 // CNNVD: CNNVD-201709-353

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-14250
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-01161
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-353
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-104954
value:	MEDIUM
Trust: 0.1

NVD:	CVE-2017-14250
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2018-01161
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-104954
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:	CVE-2017-14250
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-01161 // VULHUB: VHN-104954 // JVNDB: JVNDB-2017-009867 // CNNVD: CNNVD-201709-353

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 0.9

sources: VULHUB: VHN-104954 // JVNDB: JVNDB-2017-009867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-353

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201709-353

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009867

PATCH

title:

Top Page

url:

http://www.tp-link.com.au/

Trust: 0.8

sources: JVNDB: JVNDB-2017-009867

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14250	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-009867	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-353	Trust: 0.7
db:	CNVD	id:	CNVD-2018-01161	Trust: 0.6
db:	VULHUB	id:	VHN-104954	Trust: 0.1

sources: CNVD: CNVD-2018-01161 // VULHUB: VHN-104954 // JVNDB: JVNDB-2017-009867 // CNNVD: CNNVD-201709-353 // NVD: CVE-2017-14250

REFERENCES

url:	https://angeloanatrella86.github.io/cve-2017/	Trust: 2.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14250	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14250	Trust: 0.8
url:	http://www.tp-link.com/us/	Trust: 0.6

sources: CNVD: CNVD-2018-01161 // VULHUB: VHN-104954 // JVNDB: JVNDB-2017-009867 // CNNVD: CNNVD-201709-353

SOURCES

db:	CNVD	id:	CNVD-2018-01161
db:	VULHUB	id:	VHN-104954
db:	JVNDB	id:	JVNDB-2017-009867
db:	CNNVD	id:	CNNVD-201709-353
db:	NVD	id:	CVE-2017-14250

LAST UPDATE DATE

2024-08-14T14:46:01.487000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01161	date:	2018-01-17T00:00:00
db:	VULHUB	id:	VHN-104954	date:	2017-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-009867	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201709-353	date:	2017-11-06T00:00:00
db:	NVD	id:	CVE-2017-14250	date:	2023-11-07T02:38:54.007

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-01161	date:	2018-01-17T00:00:00
db:	VULHUB	id:	VHN-104954	date:	2017-10-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-009867	date:	2017-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201709-353	date:	2017-09-12T00:00:00
db:	NVD	id:	CVE-2017-14250	date:	2017-10-31T18:29:00.297