First published: Thu Sep 13 2018(Updated: )
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tp-link Tl-wr886n Firmware | =6.0_2.3.4 | |
Tp-link Tl-wr886n Firmware | =7.0_1.1.0 | |
TP-Link TL-WR886N |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-17012 is medium (6.5).
Authenticated attackers can crash router services on TP-Link TL-WR886N devices via a long JSON data payload.
TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices are affected.
Authenticated attackers can crash router services such as inetd, HTTP, DNS, and UPnP by sending long JSON data for the hosts_info set_block_flag up_limit.
Yes, TP-Link TL-WR886N version 6.0_2.3.4 is vulnerable to CVE-2018-17012.
Yes, TP-Link TL-WR886N version 7.0_1.1.0 is vulnerable to CVE-2018-17012.
There is currently no known fix for this vulnerability. It is recommended to monitor for vendor updates or patches.
More information about CVE-2018-17012 can be found at the following reference: https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_08/README.md