Vulnerability Description
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | C2 Firmware | <= 0.9.1_4.2_v0032.0_build_160706 |
| Tp-Link | C2 | - |
| Tp-Link | C20I Firmware | <= 0.9.1_4.2_v0032.0_build_160706 |
| Tp-Link | C20I | - |
Related Weaknesses (CWE)
References
- https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.htmlExploitTechnical DescriptionThird Party Advisory
- https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.htmlExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-8218?
CVE-2017-8218 is a vulnerability with a CVSS score of 9.8 (CRITICAL). vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, ...
How severe is CVE-2017-8218?
CVE-2017-8218 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-8218?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link C2 Firmware, Tp-Link C2, Tp-Link C20I Firmware, Tp-Link C20I.