Vulnerabilities for Archer c2 v1 firmware (...) - CXSECURITY.COM

Vulnerabilities for 'Archer c2 v1 firmware'

2019-08-27

CVE-2019-13268

CWE-20

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)

CVE-2019-13267

CWE-20

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.

CVE-2019-13266

CWE-20

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.

>>> Vendor: Tp-link 180 Products

Tl-wr841n firmware

Tl-wdr4300 firmware

Tl-wr740n firmware

Tl-wr840n firmware

Tl-wrd741nd (5.0)

Archer c5 (1.2) firmware

Archer c7 (2.0) firmware

Archer c8 (1.0) firmware

Archer c9 (1.0) firmware

Tl-wdr3500 (1.0) firmware

Tl-wdr3600 (1.0) firmware

Tl-wdr4300 (1.0) firmware

Tl-wrd740n (5.0) firmware

Tl-wrd741nd (5.0) firmware

Tl-wrd841n (10.0) firmware

Tl-wrd841n (9.0) firmware

Tl-wrd841nd (10.0) firmware

Tl-wrd841nd (9.0) firmware

Tl-wr741nd (5.0)

Tl-wr740n (5.0) firmware

Tl-wr741nd (5.0) firmware

Tl-wr841n (10.0) firmware

Tl-wr841n (9.0) firmware

Tl-wr841nd (10.0) firmware

Tl-wr841nd (9.0) firmware

Tl-sg108e firmware

Wr841n v8 firmware

Nc250 v1 firmware

Archer c9 (2.0) firmware

Tl-mr3220 firmware

Wr940n firmware

Tl-wr741n firmware

Tl-wr741nd firmware

Tl-er3210g firmware

Tl-er3220g firmware

Tl-er5110g firmware

Tl-er5120g firmware

Tl-er6110g firmware

Tl-er6220g firmware

Tl-er6510g firmware

Tl-er7520g firmware

Tl-r4149g firmware

Tl-r473g firmware

Tl-r473gp-ac firmware

Tl-r473p-ac firmware

Tl-r478g firmware

Tl-r479gp-ac firmware

Tl-r479gpe-ac firmware

Tl-r479p-ac firmware

Tl-war1200l firmware

Tl-war1300l firmware

Tl-war1750l firmware

Tl-war2600l firmware

Tl-war302 firmware

Tl-war450 firmware

Tl-war450l firmware

Tl-war458 firmware

Tl-war458l firmware

Tl-war900l firmware

Tl-wvr1200l firmware

Tl-wvr1300g firmware

Tl-wvr1300l firmware

Tl-wvr1750l firmware

Tl-wvr2600l firmware

Tl-wvr4300l firmware

Tl-wvr450 firmware

Tl-wvr450l firmware

Tl-wvr458 firmware

Tl-wvr458l firmware

Tl-wvr458p firmware

See all Products for Vendor Tp-link

Copyright 2024, cxsecurity.com