CVE-2017-11519
NONE9.8CVSS v3
5.0CVSS v2
13.24%
EPSS (exploit probability)
CWE-335CWE
Description
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected routers (1)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch? |
|---|---|---|---|---|---|
| TP-Link | TP-Link Archer C9 | — |
— | — | No |