Vulnerabilites related to tp-link - tl-war1300l
Vulnerability from fkie_nvd
Published
2017-12-19 07:29
Modified
2024-11-21 03:18
Severity ?
Summary
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB1C13D-F1B7-40E4-8C70-3DBFBF17671B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TL-WVR y TL-WAR de TP-Link permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo interface de un comando admin/dhcps en cgi-bin/luci. Esto se relaciona con la funci\u00f3n zone_get_iface_bydev en /usr/lib/lua/luci/controller/admin/dhcps.lua en uhttpd."
}
],
"id": "CVE-2017-17758",
"lastModified": "2024-11-21T03:18:35.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-19T07:29:00.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 10:29
Modified
2024-11-21 03:17
Severity ?
Summary
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDDAFFA-F3A4-4B22-A4A1-E1490116F253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D08E9-5E86-4007-9ABA-1A3DEE54DEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD6098D-9452-4ADA-96F9-A7A6E9B63551",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52299E24-CBCA-49F8-90FD-D1D8E21D78FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17DD853-7548-4037-A4F4-E93F4E667829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B9526-0627-4DF2-8273-E51A4595AA9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C676B3-372D-4247-995A-FF025F32FDD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7137CE99-9E89-4E49-A1F4-4458D723B4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10038567-EC6B-40CA-94A5-302D37956EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B71C67-E001-4722-8B51-A4BB3B6ED841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C32F019-BC0A-4BD4-8DE7-59C8FFEAC943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAAB2CB-8519-435A-8AA9-58D87BB3F50E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38918CA2-1DA6-4167-9442-F61AA3A468CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241C9669-8C6A-48D4-92D6-618828968B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A0CE7-DF8D-4875-870F-0C511CE4350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181C9C-4B60-4108-A414-6F2DEC8B2AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAC5781-46C5-4377-A558-6FA575611E29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E8F807-DF8E-46FF-864C-127853898595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F823CD5-ABBD-41DD-9BB7-93208A3558B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBB8783-8C6F-4492-9F71-560925E7A011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E26F55-3EFF-4EF6-A78E-637F846DC81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96C62FAE-1F41-497D-B165-1A472E8311A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572D875D-6EE8-4FF7-88B6-E44CFA1DEA5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD88F070-5506-466E-B886-587A161143A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79E0F546-6FF6-4E7B-9776-B6E6722E6673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFF23D6-775E-45F5-B25F-64DDCFABA456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDAB34C-0C90-44E3-9B6B-2B4AFD5EB1C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F749A0-3A0A-4C63-8068-EC378A02C63E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BC0024-4F65-4DA2-A5AB-E843466AF79B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB95CB-10D9-4BE0-AD4C-093984A1D1C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25742B52-BE00-4BFA-BD0A-B366F12E8829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r488_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5983B67B-609F-4127-AEBD-5AF7E486034E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DBB40A-A190-4398-A4C8-DF042767A317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4239g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00708B72-B811-4711-8CB5-F2916C2572CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE46823-8AB2-40B1-9765-37F645147218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4299g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EEA260-A8AE-4B6E-A452-680F21A1206E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D112855-1041-479E-ABCC-CEB0BCFDF651",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
},
{
"lang": "es",
"value": "La caracter\u00edstica locale en cgi-bin/luci en dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permite que usuarios autenticados remotos examinen la existencia de archivos arbitrarios haciendo una petici\u00f3n operation=write;locale=%0d y, a continuaci\u00f3n, haciendo una petici\u00f3n operation=read con una cabecera HTTP Accept-Language manipulada. Esto se relaciona con las funciones set_sysinfo y get_sysinfo en /usr/lib/lua/luci/controller/locale.lua en uhttpd."
}
],
"id": "CVE-2017-16959",
"lastModified": "2024-11-21T03:17:19.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 10:29
Modified
2024-11-21 03:17
Severity ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/101968 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101968 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDDAFFA-F3A4-4B22-A4A1-E1490116F253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D08E9-5E86-4007-9ABA-1A3DEE54DEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD6098D-9452-4ADA-96F9-A7A6E9B63551",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52299E24-CBCA-49F8-90FD-D1D8E21D78FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17DD853-7548-4037-A4F4-E93F4E667829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B9526-0627-4DF2-8273-E51A4595AA9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C676B3-372D-4247-995A-FF025F32FDD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7137CE99-9E89-4E49-A1F4-4458D723B4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10038567-EC6B-40CA-94A5-302D37956EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B71C67-E001-4722-8B51-A4BB3B6ED841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C32F019-BC0A-4BD4-8DE7-59C8FFEAC943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAAB2CB-8519-435A-8AA9-58D87BB3F50E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38918CA2-1DA6-4167-9442-F61AA3A468CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241C9669-8C6A-48D4-92D6-618828968B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A0CE7-DF8D-4875-870F-0C511CE4350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181C9C-4B60-4108-A414-6F2DEC8B2AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAC5781-46C5-4377-A558-6FA575611E29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E8F807-DF8E-46FF-864C-127853898595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F823CD5-ABBD-41DD-9BB7-93208A3558B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBB8783-8C6F-4492-9F71-560925E7A011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E26F55-3EFF-4EF6-A78E-637F846DC81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96C62FAE-1F41-497D-B165-1A472E8311A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572D875D-6EE8-4FF7-88B6-E44CFA1DEA5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD88F070-5506-466E-B886-587A161143A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79E0F546-6FF6-4E7B-9776-B6E6722E6673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFF23D6-775E-45F5-B25F-64DDCFABA456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDAB34C-0C90-44E3-9B6B-2B4AFD5EB1C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F749A0-3A0A-4C63-8068-EC378A02C63E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BC0024-4F65-4DA2-A5AB-E843466AF79B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB95CB-10D9-4BE0-AD4C-093984A1D1C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25742B52-BE00-4BFA-BD0A-B366F12E8829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r488_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5983B67B-609F-4127-AEBD-5AF7E486034E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DBB40A-A190-4398-A4C8-DF042767A317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4239g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00708B72-B811-4711-8CB5-F2916C2572CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE46823-8AB2-40B1-9765-37F645147218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4299g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EEA260-A8AE-4B6E-A452-680F21A1206E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D112855-1041-479E-ABCC-CEB0BCFDF651",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo iface de un comando admin/diagnostic en cgi-bin/luci. Esto se relaciona con la funci\u00f3n zone_get_effect_devices en /usr/lib/lua/luci/controller/admin/diagnostic.lua en uhttpd."
}
],
"id": "CVE-2017-16957",
"lastModified": "2024-11-21T03:17:19.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 10:29
Modified
2024-11-21 03:17
Severity ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDDAFFA-F3A4-4B22-A4A1-E1490116F253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D08E9-5E86-4007-9ABA-1A3DEE54DEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD6098D-9452-4ADA-96F9-A7A6E9B63551",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52299E24-CBCA-49F8-90FD-D1D8E21D78FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17DD853-7548-4037-A4F4-E93F4E667829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B9526-0627-4DF2-8273-E51A4595AA9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C676B3-372D-4247-995A-FF025F32FDD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7137CE99-9E89-4E49-A1F4-4458D723B4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10038567-EC6B-40CA-94A5-302D37956EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B71C67-E001-4722-8B51-A4BB3B6ED841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C32F019-BC0A-4BD4-8DE7-59C8FFEAC943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAAB2CB-8519-435A-8AA9-58D87BB3F50E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38918CA2-1DA6-4167-9442-F61AA3A468CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241C9669-8C6A-48D4-92D6-618828968B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A0CE7-DF8D-4875-870F-0C511CE4350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181C9C-4B60-4108-A414-6F2DEC8B2AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAC5781-46C5-4377-A558-6FA575611E29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E8F807-DF8E-46FF-864C-127853898595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F823CD5-ABBD-41DD-9BB7-93208A3558B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBB8783-8C6F-4492-9F71-560925E7A011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E26F55-3EFF-4EF6-A78E-637F846DC81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96C62FAE-1F41-497D-B165-1A472E8311A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572D875D-6EE8-4FF7-88B6-E44CFA1DEA5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD88F070-5506-466E-B886-587A161143A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79E0F546-6FF6-4E7B-9776-B6E6722E6673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFF23D6-775E-45F5-B25F-64DDCFABA456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDAB34C-0C90-44E3-9B6B-2B4AFD5EB1C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F749A0-3A0A-4C63-8068-EC378A02C63E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BC0024-4F65-4DA2-A5AB-E843466AF79B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB95CB-10D9-4BE0-AD4C-093984A1D1C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25742B52-BE00-4BFA-BD0A-B366F12E8829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r488_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5983B67B-609F-4127-AEBD-5AF7E486034E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DBB40A-A190-4398-A4C8-DF042767A317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4239g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00708B72-B811-4711-8CB5-F2916C2572CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE46823-8AB2-40B1-9765-37F645147218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4299g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EEA260-A8AE-4B6E-A452-680F21A1206E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D112855-1041-479E-ABCC-CEB0BCFDF651",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo t_bindif de un comando admin/bridge en cgi-bin/luci. Esto se relaciona con la funci\u00f3n get_device_byif en /usr/lib/lua/luci/controller/admin/bridge.lua en uhttpd."
}
],
"id": "CVE-2017-16958",
"lastModified": "2024-11-21T03:17:19.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-19 07:29
Modified
2024-11-21 03:18
Severity ?
Summary
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB1C13D-F1B7-40E4-8C70-3DBFBF17671B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TL-WVR y TL-WAR de TP-Link permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo interface de un comando admin/wportal en cgi-bin/luci. Esto se relaciona con la funci\u00f3n get_device_byif en /usr/lib/lua/luci/controller/admin/wportal.lua en uhttpd."
}
],
"id": "CVE-2017-17757",
"lastModified": "2024-11-21T03:18:35.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-19T07:29:00.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 10:29
Modified
2024-11-21 03:17
Severity ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "D24328C0-9611-4789-93B5-B60268A58238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D6B49A-76DE-4F4D-8769-6B57F0F07FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "F462B7E8-30CA-43B7-B0AD-6BFF31390FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CDB038-0534-472F-8900-1209E460B3AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "78E2DC44-0319-4268-8912-25AD0F9FE867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E523045C-0C72-4C15-A777-CD80D01C9C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "024E082F-16C4-4393-9B7D-60B2C0BC8FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEC78BE-3E4A-40D8-8064-A5B05AE50341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "53D70E3D-9214-4446-AFE1-31F6B9AE5F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DA7575-DE2E-4025-8FD5-403EE32C516F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "0D854EDA-5393-43CA-B088-6132EE0550F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:v7:*:*:*:*:*:*:*",
"matchCriteriaId": "E85E0A1B-A7AF-4E29-A7CE-B48B4D41EC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5A5A9E-8D88-4AFE-8EB9-F7196C934923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "65C14007-6D98-4F55-9D7B-6B14E951DA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "986C07E3-9DE4-485B-BC5E-67F266C6E5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEFEFB8-AED4-4C83-86D3-CE9502C5B36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "A96652E8-10EA-4B5E-BD64-1853672696B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE70EF0-508C-4F34-829C-0B30FAA96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "473671D0-D0C9-4D36-AE5E-E63A5EBA0C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8344CA75-15D5-4106-80DF-4772C1C0D3B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F47FC91-5861-465F-BF05-8C666B818722",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D45A711-B6FD-48A4-B455-286F80DE221B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB1C13D-F1B7-40E4-8C70-3DBFBF17671B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FA6F6-2417-47D9-A4B8-E764C052A723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E70455-DFCC-49C1-9754-0422DB8AB12C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo t_bindif de un comando admin/interface en cgi-bin/luci. Esto se relaciona con la funci\u00f3n get_device_byif en /usr/lib/lua/luci/controller/admin/interface.lua en uhttpd."
}
],
"id": "CVE-2017-16960",
"lastModified": "2024-11-21T03:17:19.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-17757
Vulnerability from cvelistv5
Published
2017-12-19 07:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-19T07:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt",
"refsource": "MISC",
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17757",
"datePublished": "2017-12-19T07:00:00",
"dateReserved": "2017-12-19T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16960
Vulnerability from cvelistv5
Published
2017-11-27 10:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16960",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16958
Vulnerability from cvelistv5
Published
2017-11-27 10:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16958",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16957
Vulnerability from cvelistv5
Published
2017-11-27 10:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101968 | vdb-entry, x_refsource_BID | |
| https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-29T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101968"
},
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16957",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16959
Vulnerability from cvelistv5
Published
2017-11-27 10:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16959",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17758
Vulnerability from cvelistv5
Published
2017-12-19 07:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-19T07:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt",
"refsource": "MISC",
"url": "https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17758",
"datePublished": "2017-12-19T07:00:00",
"dateReserved": "2017-12-19T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}