Security News > 2018 > November > “Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack
2018-11-20 12:51
Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link’s SafeStream Gigabit Broadband VPN Router (TL-R600VPN). All four affect the device’s HTTP server, and can lead to denial of service, information disclosure, and remote code execution. About the vulnerabilities The flaws affect TP-Link TL-R600VPN, hardware versions 2 and 3. Numbered CVE-2018-3948 and CVE-2018-3949, respectively, the flaws that can be exploited for DoS and information disclosure can be triggered via an unauthenticated web request and a … More → The post “Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/_Kivhr0azCk/
Related news
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-01 | CVE-2018-3949 | Path Traversal vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0 An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. | 7.5 |
| 2018-11-30 | CVE-2018-3948 | Improper Input Validation vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0 An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. | 7.5 |