GCVE - cpe:2.3:a:talos:tp-link:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:talos:tp-link:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Talos (`e7c02545-e938-5775-90a6-6bebb73bfb47`)
Product	Tp Link (`301a6333-2560-532b-ae41-450afc6b8538`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-3951`	vulnerable	2026-06-03 14:38:50.642267	Details available HIGH (7.2) An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Published: 2018-12-01T06:00:00.000Z Updated: 2024-09-17T01:35:33.109Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0620	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-3950`	vulnerable	2026-06-03 14:38:50.641816	Details available HIGH (7.2) An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability. Published: 2018-12-01T04:00:00.000Z Updated: 2024-09-17T04:09:57.222Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0619	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-3949`	vulnerable	2026-06-03 14:38:50.639663	Details available HIGH (7.5) An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. Published: 2018-12-01T03:00:00.000Z Updated: 2024-09-17T01:01:34.084Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2018-0618	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.