Описание
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
7.2 High
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Уязвимость функции синтаксического анализа HTTP-заголовка микропрограммного обеспечения VPN-маршрутизаторов TP-Link TL-R600VPN, позволяющая нарушителю выполнить произвольный код
EPSS
7.2 High
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2