CVE-2018-3949

Summary

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
TalosTP-LinkTP-Link TL-R600VPN HWv3 FRNv1.3.0 TP-Link TL-R600VPN HWv2 FRNv1.2.3affected

Weaknesses

  • path traversal

ADP Enrichment

CVE Program Container

Additional References

References