Vulnerability Details CVE-2018-3951
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.102
EPSS Ranking 92.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Products affected by CVE-2018-3951
- cpe:2.3:h:tp-link:tl-r600vpn:-
- cpe:2.3:o:tp-link:tl-r600vpn_firmware:-
- cpe:2.3:o:tp-link:tl-r600vpn_firmware:1.2.3
- cpe:2.3:o:tp-link:tl-r600vpn_firmware:1.3.0