Strix
26.1K

CVE-2017-8218

UnknownEPSS 2.00%

Last modified

CVE-2017-8218 is a vulnerability of currently unknown severity. vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.. EPSS estimates a 2.00% chance of exploitation in the next 30 days.

Description

vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.

Metrics

EPSS Probability
2.00%

78.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
Tp-LinkC2 Firmware<= 0.9.1_4.2_v0032.0_build_160706Rel.37961n
Tp-LinkC20i Firmware<= 0.9.1_4.2_v0032.0_build_160706Rel.37961n

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-8218?
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
How severe is CVE-2017-8218?
Severity scoring for CVE-2017-8218 is pending analysis. The EPSS model estimates a 2.00% probability of exploitation in the next 30 days.
How do I fix CVE-2017-8218?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-8218?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST