CVE-2018-3951

HIGH Year: 2018
CVSS v3 Score
7.2
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-119
View all →

Vulnerability Description

An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.

Related Vulnerabilities

CVE-2016-6115

HIGH
CVSS:7.2(High)

IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the ...

CWE-1192016

CVE-2016-7820

HIGH
CVSS:7.2(High)

Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-servi...

CWE-1192016

CVE-2016-8998

HIGH
CVSS:7.2(High)

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on t...

CWE-1192016

CVE-2017-2276

HIGH
CVSS:7.2(High)

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

CWE-1192017

CVE-2017-5712

HIGH
CVSS:7.2(High)

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to exec...

CWE-1192017

CVE-2018-0632

HIGH
CVSS:7.2(High)

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.

CWE-1192018