← Back

CVE-2019-13268

nvd nist
Published: Aug 27, 2019Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)

Affected (2)

Tp Link
2 products
Archer C3200 V1 Firmware
Archer C2 V1 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Archer C3200 V1 Firmware
All versions
Running on/withPlatform Versions
Tp Link
Archer C3200 V1
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Archer C2 V1 Firmware
All versions
Running on/withPlatform Versions
Tp Link
Archer C2 V1
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.