Details of VAR-201907-0683

ID

VAR-201907-0683

CVE

CVE-2019-13614

TITLE

TP-Link Archer C1200 Device buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006661

DESCRIPTION

CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. TP-Link Archer C1200 The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TP-Link Archer C1200 is a wireless router from China Unicom (TP-Link). A buffer overflow vulnerability exists in CMD_SET_CONFIG_COUNTRY of the TP-LinkDeviceDebug protocol in TP-LinkArcherC12001.0.0Build20180502rel.45702 and earlier. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

Trust: 2.25

sources: NVD: CVE-2019-13614 // JVNDB: JVNDB-2019-006661 // CNVD: CNVD-2019-23287 // VULHUB: VHN-145478

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-23287

AFFECTED PRODUCTS

vendor:	tp link	model:	archer c1200	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	tp link	model:	archer c1200	scope:	lte	version:	1.0.0 build 20180502 rel.45702	Trust: 0.8
vendor:	tp link	model:	archer c1200 build rel.45702	scope:	lte	version:	<=1.0.020180502	Trust: 0.6

sources: CNVD: CNVD-2019-23287 // JVNDB: JVNDB-2019-006661 // NVD: CVE-2019-13614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13614
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-13614
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-23287
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201907-1006
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-145478
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-13614
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-23287
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-145478
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-13614
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-23287 // VULHUB: VHN-145478 // JVNDB: JVNDB-2019-006661 // CNNVD: CNNVD-201907-1006 // NVD: CVE-2019-13614

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-145478 // JVNDB: JVNDB-2019-006661 // NVD: CVE-2019-13614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1006

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1006

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006661

PATCH

title:

Archer C1200

url:

https://www.tp-link.com/us/home-networking/wifi-router/archer-c1200/

Trust: 0.8

sources: JVNDB: JVNDB-2019-006661

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13614	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-006661	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-1006	Trust: 0.7
db:	CNVD	id:	CNVD-2019-23287	Trust: 0.6
db:	VULHUB	id:	VHN-145478	Trust: 0.1

sources: CNVD: CNVD-2019-23287 // VULHUB: VHN-145478 // JVNDB: JVNDB-2019-006661 // CNNVD: CNNVD-201907-1006 // NVD: CVE-2019-13614

REFERENCES

url:	https://fakhrizulkifli.github.io/posts/2019/07/15/cve-2019-13614/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13614	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13614	Trust: 0.8

sources: CNVD: CNVD-2019-23287 // VULHUB: VHN-145478 // JVNDB: JVNDB-2019-006661 // CNNVD: CNNVD-201907-1006 // NVD: CVE-2019-13614

SOURCES

db:	CNVD	id:	CNVD-2019-23287
db:	VULHUB	id:	VHN-145478
db:	JVNDB	id:	JVNDB-2019-006661
db:	CNNVD	id:	CNNVD-201907-1006
db:	NVD	id:	CVE-2019-13614

LAST UPDATE DATE

2024-11-23T22:21:34.695000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-23287	date:	2019-07-19T00:00:00
db:	VULHUB	id:	VHN-145478	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-006661	date:	2019-07-24T00:00:00
db:	CNNVD	id:	CNNVD-201907-1006	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-13614	date:	2024-11-21T04:25:21.660

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-23287	date:	2019-07-19T00:00:00
db:	VULHUB	id:	VHN-145478	date:	2019-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-006661	date:	2019-07-24T00:00:00
db:	CNNVD	id:	CNNVD-201907-1006	date:	2019-07-17T00:00:00
db:	NVD	id:	CVE-2019-13614	date:	2019-07-17T18:15:11.693