cvedb.io
CVE-2018-3948
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-11-30T17:29:00.410 · Last modified 2026-06-17T01:58:05.763

Summary

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.

Affected products

tp-link — tl-r600vpn_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tp-link ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.