CVE-2017-8219

Exploit

EPSS 0.27%
Published 25.04.2017 20:59:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Tp-link ≫ C2 Firmware Updaterel.37961n Version <= 0.9.1_4.2_v0032.0_build_160706

Tp-link ≫ C2 Version-

Tp-link ≫ C20i Firmware Updaterel.37961n Version <= 0.9.1_4.2_v0032.0_build_160706

Tp-link ≫ C20i Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.472

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2017-8219

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8219

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8219

EUVD