Details of VAR-201906-0888

ID

VAR-201906-0888

CVE

CVE-2018-16119

TITLE

TP-Link WR1043nd Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-015728 // CNNVD: CNNVD-201906-824

DESCRIPTION

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm. TP-Link WR1043nd Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TP-Link TL-WR1043ND is a wireless router from China TP-Link. A buffer overflow vulnerability exists in TP-Link TL-WR1043ND. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

Trust: 2.25

sources: NVD: CVE-2018-16119 // JVNDB: JVNDB-2018-015728 // CNVD: CNVD-2019-31308 // VULHUB: VHN-126446

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-31308

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr1043nd	scope:	eq	version:	3	Trust: 1.4
vendor:	tp link	model:	tl-wr1043nd	scope:	eq	version:	3.00	Trust: 1.0

sources: CNVD: CNVD-2019-31308 // JVNDB: JVNDB-2018-015728 // NVD: CVE-2018-16119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-16119
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-16119
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-31308
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201906-824
value:	HIGH
Trust: 0.6
VULHUB:	VHN-126446
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-16119
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-31308
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-126446
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-16119
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-31308 // VULHUB: VHN-126446 // JVNDB: JVNDB-2018-015728 // CNNVD: CNNVD-201906-824 // NVD: CVE-2018-16119

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-126446 // JVNDB: JVNDB-2018-015728 // NVD: CVE-2018-16119

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-824

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-824

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015728

PATCH

title:

トップページ

url:

http://tp-link.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015728

EXTERNAL IDS

db:	NVD	id:	CVE-2018-16119	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-015728	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-824	Trust: 0.7
db:	CNVD	id:	CNVD-2019-31308	Trust: 0.6
db:	VULHUB	id:	VHN-126446	Trust: 0.1

sources: CNVD: CNVD-2019-31308 // VULHUB: VHN-126446 // JVNDB: JVNDB-2018-015728 // CNNVD: CNNVD-201906-824 // NVD: CVE-2018-16119

REFERENCES

url:	https://www.secsignal.org/news/exploiting-routers-just-another-tp-link-0day	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16119	Trust: 2.0
url:	http://tp-link.com/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16119	Trust: 0.8

sources: CNVD: CNVD-2019-31308 // VULHUB: VHN-126446 // JVNDB: JVNDB-2018-015728 // CNNVD: CNNVD-201906-824 // NVD: CVE-2018-16119

SOURCES

db:	CNVD	id:	CNVD-2019-31308
db:	VULHUB	id:	VHN-126446
db:	JVNDB	id:	JVNDB-2018-015728
db:	CNNVD	id:	CNNVD-201906-824
db:	NVD	id:	CVE-2018-16119

LAST UPDATE DATE

2024-11-23T22:37:47.570000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-31308	date:	2019-09-12T00:00:00
db:	VULHUB	id:	VHN-126446	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015728	date:	2019-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201906-824	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2018-16119	date:	2024-11-21T03:52:07.323

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-31308	date:	2019-09-11T00:00:00
db:	VULHUB	id:	VHN-126446	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-015728	date:	2019-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201906-824	date:	2019-06-20T00:00:00
db:	NVD	id:	CVE-2018-16119	date:	2019-06-20T16:15:11.010