An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
tl-r600vpn_firmware | eq | 1.3.0 | |
tl-r600vpn_firmware | eq | 1.2.3 |