CVE-2017-8219

Published: Apr 25, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.

Affected (2)

Products: Tp Link: C2 Firmware, C20i Firmware

Tp Link

2 products

C2 Firmware

C20i Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link C2 Firmware	Up to 0.9.1_4.2_v0032.0_build_160706

Running on/with	Platform Versions
Tp Link C2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link C20i Firmware	Up to 0.9.1_4.2_v0032.0_build_160706

Running on/with	Platform Versions
Tp Link C20i	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.