CVE-2017-8218
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
Vsftpd en los dispositivos TP-Link C2 y C20i a través del firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n tiene una cuenta de administrador de puerta trasera con la contraseña 1234, una cuenta de invitado de puerta trasera con la contraseña de invitado y una cuenta de prueba de puerta trasera con contraseña de prueba.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-25 CVE Reserved
- 2017-04-25 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-1188: Initialization of a Resource with an Insecure Default
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tp-link Search vendor "Tp-link" | C2 Firmware Search vendor "Tp-link" for product "C2 Firmware" | <= 0.9.1_4.2_v0032.0_build_160706 Search vendor "Tp-link" for product "C2 Firmware" and version " <= 0.9.1_4.2_v0032.0_build_160706" | rel.37961n |
Affected
| in | Tp-link Search vendor "Tp-link" | C2 Search vendor "Tp-link" for product "C2" | - | - |
Safe
|
| Tp-link Search vendor "Tp-link" | C20i Firmware Search vendor "Tp-link" for product "C20i Firmware" | <= 0.9.1_4.2_v0032.0_build_160706 Search vendor "Tp-link" for product "C20i Firmware" and version " <= 0.9.1_4.2_v0032.0_build_160706" | rel.37961n |
Affected
| in | Tp-link Search vendor "Tp-link" | C20i Search vendor "Tp-link" for product "C20i" | - | - |
Safe
|