Sign-up

ID

VAR-201903-0935


CVE

CVE-2018-15840


TITLE

TP-Link TL-WR840N Device buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015154

DESCRIPTION

TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. TP-Link TL-WR840N The device contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The TP-LINKTL-WR840N is a wireless router with 13 channels and supports VPN. A denial of service vulnerability exists in TP-LinkTL-WR840N. There is a buffer error vulnerability in TP-Link TL-WR840N. This vulnerability originates from incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 2.25

sources: NVD: CVE-2018-15840 // JVNDB: JVNDB-2018-015154 // CNVD: CNVD-2019-13602 // VULHUB: VHN-126140

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13602

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr840nscope:eqversion: -

Trust: 1.0

vendor:tp linkmodel:tl-wr840nscope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-wr840nscope:eqversion:0

Trust: 0.6

sources: CNVD: CNVD-2019-13602 // JVNDB: JVNDB-2018-015154 // NVD: CVE-2018-15840

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15840
value: HIGH

Trust: 1.0

NVD: CVE-2018-15840
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-13602
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-1188
value: HIGH

Trust: 0.6

VULHUB: VHN-126140
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15840
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13602
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-126140
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15840
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13602 // VULHUB: VHN-126140 // JVNDB: JVNDB-2018-015154 // CNNVD: CNNVD-201903-1188 // NVD: CVE-2018-15840

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-126140 // JVNDB: JVNDB-2018-015154 // NVD: CVE-2018-15840

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1188

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-1188

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015154

PATCH
title:TL-WR840Nurl:https://www.tp-link.com/in/home-networking/wifi-router/tl-wr840n/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015154

EXTERNAL IDS
db:NVDid:CVE-2018-15840
Trust: 3.1
db:JVNDBid:JVNDB-2018-015154
Trust: 0.8
db:CNNVDid:CNNVD-201903-1188
Trust: 0.7
db:CNVDid:CNVD-2019-13602
Trust: 0.6
db:VULHUBid:VHN-126140
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13602 // 
            
            
            
            VULHUB: VHN-126140 // 
            
            
            
            JVNDB: JVNDB-2018-015154 // 
            
            
            
            CNNVD: CNNVD-201903-1188 // 
            
            
            
            NVD: CVE-2018-15840

REFERENCES
url:https://hackingvila.wordpress.com/2019/02/17/tp-link-wireless-n-router-wr840n-buffer-overflow-cve-2018-15840/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-15840
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15840
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-13602 // 
            
            
            
            VULHUB: VHN-126140 // 
            
            
            
            JVNDB: JVNDB-2018-015154 // 
            
            
            
            CNNVD: CNNVD-201903-1188 // 
            
            
            
            NVD: CVE-2018-15840

SOURCES
db:CNVDid:CNVD-2019-13602
db:VULHUBid:VHN-126140
db:JVNDBid:JVNDB-2018-015154
db:CNNVDid:CNNVD-201903-1188
db:NVDid:CVE-2018-15840

LAST UPDATE DATE
2024-11-23T21:52:27.066000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-13602date:2019-05-10T00:00:00
db:VULHUBid:VHN-126140date:2019-04-02T00:00:00
db:JVNDBid:JVNDB-2018-015154date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-1188date:2019-04-04T00:00:00
db:NVDid:CVE-2018-15840date:2024-11-21T03:51:32.497

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-13602date:2019-05-10T00:00:00
db:VULHUBid:VHN-126140date:2019-03-29T00:00:00
db:JVNDBid:JVNDB-2018-015154date:2019-05-07T00:00:00
db:CNNVDid:CNNVD-201903-1188date:2019-03-29T00:00:00
db:NVDid:CVE-2018-15840date:2019-03-29T18:29:00.190