CVE-2018-3951
HIGHTP-Link TL-R600VPN Firmware - Authenticated Remote Code Execution via HTTP Header Buffer Overflow
Title source: llmDescription
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0620
Scores
CVSS v3
7.2
EPSS
0.0846
EPSS Percentile
92.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
tp-link/tl-r600vpn_firmware
Published
Dec 01, 2018
Tracked Since
Feb 18, 2026