Sign-up

ID

VAR-201811-0373


CVE

CVE-2018-19528


TITLE

TP-Link TL-WR886N Device buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012328

DESCRIPTION

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. TP-Link TL-WR886N The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. A security vulnerability exists in the TP-LinkTL-WR886N7.01.1.0 release

Trust: 2.34

sources: NVD: CVE-2018-19528 // JVNDB: JVNDB-2018-012328 // CNVD: CNVD-2019-00238 // VULHUB: VHN-130196 // VULMON: CVE-2018-19528

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-00238

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr886nscope:eqversion:7.0.1.1.0

Trust: 1.6

vendor:tp linkmodel:tl-wr886nscope:eqversion:7.0 1.1.0

Trust: 0.8

vendor:tp linkmodel:tl-wr886nscope:eqversion:7.01.1.0

Trust: 0.6

sources: CNVD: CNVD-2019-00238 // JVNDB: JVNDB-2018-012328 // CNNVD: CNNVD-201811-687 // NVD: CVE-2018-19528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19528
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-19528
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-00238
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-687
value: CRITICAL

Trust: 0.6

VULHUB: VHN-130196
value: HIGH

Trust: 0.1

VULMON: CVE-2018-19528
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-19528
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-00238
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-130196
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19528
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-00238 // VULHUB: VHN-130196 // VULMON: CVE-2018-19528 // JVNDB: JVNDB-2018-012328 // CNNVD: CNNVD-201811-687 // NVD: CVE-2018-19528

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-130196 // JVNDB: JVNDB-2018-012328 // NVD: CVE-2018-19528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-687

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201811-687

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012328

PATCH
title:TL-WR886Nurl:https://www.tp-link.com.cn/product_397.html
Trust: 0.8
title:vxhunterurl:https://github.com/dark-lbp/vxhunter 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-19528 // 
            
            
            
            JVNDB: JVNDB-2018-012328

EXTERNAL IDS
db:NVDid:CVE-2018-19528
Trust: 3.2
db:JVNDBid:JVNDB-2018-012328
Trust: 0.8
db:CNNVDid:CNNVD-201811-687
Trust: 0.7
db:CNVDid:CNVD-2019-00238
Trust: 0.6
db:VULHUBid:VHN-130196
Trust: 0.1
db:VULMONid:CVE-2018-19528
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00238 // 
            
            
            
            VULHUB: VHN-130196 // 
            
            
            
            VULMON: CVE-2018-19528 // 
            
            
            
            JVNDB: JVNDB-2018-012328 // 
            
            
            
            CNNVD: CNNVD-201811-687 // 
            
            
            
            NVD: CVE-2018-19528

REFERENCES
url:https://github.com/pagalaxylab/vulinfo/blob/master/tp-link/wr886n/dns_request_buff_overflow/readme.md
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-19528
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19528
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://github.com/dark-lbp/vxhunter
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00238 // 
            
            
            
            VULHUB: VHN-130196 // 
            
            
            
            VULMON: CVE-2018-19528 // 
            
            
            
            JVNDB: JVNDB-2018-012328 // 
            
            
            
            CNNVD: CNNVD-201811-687 // 
            
            
            
            NVD: CVE-2018-19528

SOURCES
db:CNVDid:CNVD-2019-00238
db:VULHUBid:VHN-130196
db:VULMONid:CVE-2018-19528
db:JVNDBid:JVNDB-2018-012328
db:CNNVDid:CNNVD-201811-687
db:NVDid:CVE-2018-19528

LAST UPDATE DATE
2024-11-23T22:58:49.603000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-00238date:2019-01-03T00:00:00
db:VULHUBid:VHN-130196date:2018-12-19T00:00:00
db:VULMONid:CVE-2018-19528date:2018-12-19T00:00:00
db:JVNDBid:JVNDB-2018-012328date:2019-01-31T00:00:00
db:CNNVDid:CNNVD-201811-687date:2018-11-26T00:00:00
db:NVDid:CVE-2018-19528date:2024-11-21T03:58:06.320

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-00238date:2019-01-03T00:00:00
db:VULHUBid:VHN-130196date:2018-11-26T00:00:00
db:VULMONid:CVE-2018-19528date:2018-11-26T00:00:00
db:JVNDBid:JVNDB-2018-012328date:2019-01-31T00:00:00
db:CNNVDid:CNNVD-201811-687date:2018-11-26T00:00:00
db:NVDid:CVE-2018-19528date:2018-11-26T02:29:00.227