VAR-201704-1323
Vulnerability from variot - Updated: 2025-04-20 23:38TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. TP-Link C2 and C20i The device firmware contains vulnerabilities related to security functions.Information may be tampered with. TP-LinkC2 and C20i are router devices of China Pulian. TP-LinkC2 and C20i have security bypass vulnerabilities that can be exploited by remote attackers to submit special requests to bypass security restrictions and perform unauthorized operations. There is no more detailed information about this vulnerability yet, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1323",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c20i",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "0.9.1_4.2_v0032.0_build_160706"
},
{
"model": "c2",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "0.9.1_4.2_v0032.0_build_160706"
},
{
"model": "c2",
"scope": "lte",
"trust": 0.8,
"vendor": "tp link",
"version": "0.9.1 4.2 v0032.0 build 160706 rel.37961n"
},
{
"model": "c20i",
"scope": "lte",
"trust": 0.8,
"vendor": "tp link",
"version": "0.9.1 4.2 v0032.0 build 160706 rel.37961n"
},
{
"model": "c2",
"scope": null,
"trust": 0.6,
"vendor": "tp link",
"version": null
},
{
"model": "c20i",
"scope": null,
"trust": 0.6,
"vendor": "tp link",
"version": null
},
{
"model": "c2",
"scope": "eq",
"trust": 0.6,
"vendor": "tp link",
"version": "0.9.1_4.2_v0032.0_build_160706"
},
{
"model": "c20i",
"scope": "eq",
"trust": 0.6,
"vendor": "tp link",
"version": "0.9.1_4.2_v0032.0_build_160706"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1461"
},
{
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tp-link:c2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:c20i_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
}
]
},
"cve": "CVE-2017-8217",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-8217",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-06225",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-116420",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8217",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8217",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8217",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-06225",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1461",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-116420",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "VULHUB",
"id": "VHN-116420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1461"
},
{
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. TP-Link C2 and C20i The device firmware contains vulnerabilities related to security functions.Information may be tampered with. TP-LinkC2 and C20i are router devices of China Pulian. TP-LinkC2 and C20i have security bypass vulnerabilities that can be exploited by remote attackers to submit special requests to bypass security restrictions and perform unauthorized operations. There is no more detailed information about this vulnerability yet, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8217"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "VULHUB",
"id": "VHN-116420"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8217",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1461",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-06225",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-116420",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "VULHUB",
"id": "VHN-116420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1461"
},
{
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"id": "VAR-201704-1323",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "VULHUB",
"id": "VHN-116420"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
}
]
},
"last_update_date": "2025-04-20T23:38:31.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Details - CVE-2017-8217 - Permissive Iptables rules",
"trust": 0.8,
"url": "https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html"
},
{
"title": "TP-LinkC2 and C20iCVE-2017-8217 security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93373"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8217"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8217"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "VULHUB",
"id": "VHN-116420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1461"
},
{
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"db": "VULHUB",
"id": "VHN-116420"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1461"
},
{
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"date": "2017-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-116420"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1461"
},
{
"date": "2017-04-25T20:59:00.163000",
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06225"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-116420"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003636"
},
{
"date": "2020-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1461"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-8217"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1461"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-Link C2 and C20i Vulnerabilities related to security functions in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003636"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1461"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…