CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-3949

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.276

EPSS Ranking 96.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0618
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0618

Products affected by CVE-2018-3949

Tp-Link » Tl-R600vpn » Version: 2

cpe:2.3:h:tp-link:tl-r600vpn:2
Tp-Link » Tl-R600vpn » Version: 3

cpe:2.3:h:tp-link:tl-r600vpn:3
Tp-Link » Tl-R600vpn Firmware » Version: 1.2.3

cpe:2.3:o:tp-link:tl-r600vpn_firmware:1.2.3
Tp-Link » Tl-R600vpn Firmware » Version: 1.3.0

cpe:2.3:o:tp-link:tl-r600vpn_firmware:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-3949

Products

Pricing

Contact Us