Vulnerability Details CVE-2018-3950
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.4%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2018-3950
-
cpe:2.3:h:tp-link:tl-r600vpn:2
-
cpe:2.3:h:tp-link:tl-r600vpn:3
-
cpe:2.3:o:tp-link:tl-r600vpn_firmware:1.2.3
-
cpe:2.3:o:tp-link:tl-r600vpn_firmware:1.3.0