Sign-up

ID

VAR-201906-0412


CVE

CVE-2019-6989


TITLE

TP-Link TL-WR940N Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005360

DESCRIPTION

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges. TP-Link TL-WR940N Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TP-Link TL-WR940N and the TP-Link TL-WR941ND are both wireless routers from China Unicom (TP-Link). A buffer overflow vulnerability exists in TP-LINK TL-WR940N and TL-WR941ND. This vulnerability is caused when the network system or product performs operations on memory and does not correctly verify the data boundary, resulting in an error being performed to other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow

Trust: 2.25

sources: NVD: CVE-2019-6989 // JVNDB: JVNDB-2019-005360 // CNVD: CNVD-2019-40472 // VULHUB: VHN-158424

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-40472

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr940nscope: - version: -

Trust: 1.4

vendor:tp linkmodel:tl-wr941ndscope: - version: -

Trust: 1.4

vendor:tp linkmodel:tl-wr941ndscope:eqversion: -

Trust: 1.0

vendor:tp linkmodel:tl-wr940nscope:eqversion: -

Trust: 1.0

sources: CNVD: CNVD-2019-40472 // JVNDB: JVNDB-2019-005360 // NVD: CVE-2019-6989

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6989
value: HIGH

Trust: 1.0

NVD: CVE-2019-6989
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-40472
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-442
value: HIGH

Trust: 0.6

VULHUB: VHN-158424
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6989
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-40472
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158424
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6989
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-40472 // VULHUB: VHN-158424 // JVNDB: JVNDB-2019-005360 // CNNVD: CNNVD-201904-442 // NVD: CVE-2019-6989

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-158424 // JVNDB: JVNDB-2019-005360 // NVD: CVE-2019-6989

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-442

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201904-442

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005360

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-158424

PATCH
title:Top Pageurl:https://www.tp-link.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-005360

EXTERNAL IDS
db:NVDid:CVE-2019-6989
Trust: 3.1
db:PACKETSTORMid:152458
Trust: 2.3
db:EXPLOIT-DBid:46678
Trust: 1.7
db:JVNDBid:JVNDB-2019-005360
Trust: 0.8
db:CNNVDid:CNNVD-201904-442
Trust: 0.7
db:CNVDid:CNVD-2019-40472
Trust: 0.6
db:VULHUBid:VHN-158424
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-40472 // 
            
            
            
            VULHUB: VHN-158424 // 
            
            
            
            JVNDB: JVNDB-2019-005360 // 
            
            
            
            CNNVD: CNNVD-201904-442 // 
            
            
            
            NVD: CVE-2019-6989

REFERENCES
url:http://packetstormsecurity.com/files/152458/tp-link-tl-wr940n-tl-wr941nd-buffer-overflow.html
Trust: 2.9
url:https://www.exploit-db.com/exploits/46678/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-6989
Trust: 1.4
url:https://exchange.xforce.ibmcloud.com
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6989
Trust: 0.8
url:https://www.exploit-db.com/exploits/46678
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-40472 // 
            
            
            
            VULHUB: VHN-158424 // 
            
            
            
            JVNDB: JVNDB-2019-005360 // 
            
            
            
            CNNVD: CNNVD-201904-442 // 
            
            
            
            NVD: CVE-2019-6989

CREDITS
Grzegorz Wypych
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201904-442

SOURCES
db:CNVDid:CNVD-2019-40472
db:VULHUBid:VHN-158424
db:JVNDBid:JVNDB-2019-005360
db:CNNVDid:CNNVD-201904-442
db:NVDid:CVE-2019-6989

LAST UPDATE DATE
2024-11-23T22:44:58.596000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-40472date:2019-11-13T00:00:00
db:VULHUBid:VHN-158424date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-005360date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201904-442date:2020-08-25T00:00:00
db:NVDid:CVE-2019-6989date:2024-11-21T04:47:22.590

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-40472date:2019-11-13T00:00:00
db:VULHUBid:VHN-158424date:2019-06-06T00:00:00
db:JVNDBid:JVNDB-2019-005360date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201904-442date:2019-04-09T00:00:00
db:NVDid:CVE-2019-6989date:2019-06-06T18:29:00.410