TP-Link TL-R600VPN Firmware 1.3.0
Approved changes feed: RSS · Atom
cpe:2.3:o:tp-link:tl-r600vpn_firmware:1.3.0:*:*:*:*:*:*:*
part: o version: 1.3.0 update: *
| Vendor | Tp Link (0b2e1553-ac8b-5981-a60b-ca6c27ee3a6e) |
|---|---|
| Product | Tl R600Vpn Firmware (93cf3ee0-0e08-55f0-b5aa-4b3649212cfa) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-3950 |
vulnerable | 2026-06-03 14:38:50.641860 |
Details available
HIGH (7.2)
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.
Published: 2018-12-01T04:00:00.000Z
Updated: 2024-09-17T04:09:57.222Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-3949 |
vulnerable | 2026-06-03 14:38:50.639708 |
Details available
HIGH (7.5)
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.
Published: 2018-12-01T03:00:00.000Z
Updated: 2024-09-17T01:01:34.084Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-3948 |
vulnerable | 2026-06-03 14:38:50.636360 |
Details available
HIGH (7.5)
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.
Published: 2018-11-30T17:00:00.000Z
Updated: 2024-09-17T04:13:43.613Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.