Tp-Link: >> C2 Firmware >> 0.9.1_4.2_v0032.0_build_160706 Security Vulnerabilities
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-04-25
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-04-25
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-04-25
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
CVSS Score
9.9
EPSS Score
0.119
Published
2017-04-25