What is CVE-2018-3949?

CVE-2018-3949 is a high-severity vulnerability in Talos Tp-link. CVSS score: 7.5/10. Published 2018-12-01.

How severe is CVE-2018-3949?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Talos Tp-link

CVE-2018-3949

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attac…

EPSS: 0.533 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Talos Tp-link — versions TP-Link TL-R600VPN HWv3 FRNv1.3.0 TP-Link TL-R600VPN HWv2 FRNv1.2.3

References

talosintelligence.com/vulnerability_reports/TALOS-2018-0618 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-3949?: CVE-2018-3949 is a high-severity vulnerability in Talos Tp-link. CVSS score: 7.5/10. Published 2018-12-01.
How severe is CVE-2018-3949?: High severity. CVSS v3 base score is 7.5 out of 10.