Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8220 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | |||||
CVE-2017-8219 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | |||||
CVE-2017-8218 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. | |||||
CVE-2017-8217 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. |