How severe is CVE-2018-11714?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2018-11714?

This is classified as CWE-384, which is a common weakness in software security.

CVE-2018-11714

CRITICAL Year: 2018

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-384

View all →

Vulnerability Description

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.

CVE-2015-1174

CRITICAL

CVSS:9.8(Critical)

Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.

CWE-3842015

CVE-2015-1820

CRITICAL

CVSS:9.8(Critical)

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a respons...

CWE-3842015

CVE-2016-10405

CRITICAL

CVSS:9.8(Critical)

Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.

CWE-3842016

CVE-2016-9125

CRITICAL

CVSS:9.8(Critical)

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful aut...

CWE-3842016

CVE-2017-12868

CRITICAL

CVSS:9.8(Critical)

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass...

CWE-3842017

CVE-2017-12873

CRITICAL

CVSS:9.8(Critical)

SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generat...

CWE-3842017

CVE-2018-11714

Vulnerability Description

Related Vulnerabilities

CVE-2015-1174

CVE-2015-1820

CVE-2016-10405

CVE-2016-9125

CVE-2017-12868

CVE-2017-12873