// For flags

CVE-2017-17757

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

Los dispositivos TL-WVR y TL-WAR de TP-Link permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo interface de un comando admin/wportal en cgi-bin/luci. Esto se relaciona con la funciĆ³n get_device_byif en /usr/lib/lua/luci/controller/admin/wportal.lua en uhttpd.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-12-19 CVE Reserved
  • 2017-12-19 CVE Published
  • 2024-02-14 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tp-link
Search vendor "Tp-link"
Tl-wvr450l Firmware
Search vendor "Tp-link" for product "Tl-wvr450l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr450l
Search vendor "Tp-link" for product "Tl-wvr450l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-wvr458l Firmware
Search vendor "Tp-link" for product "Tl-wvr458l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr458l
Search vendor "Tp-link" for product "Tl-wvr458l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-wvr900l Firmware
Search vendor "Tp-link" for product "Tl-wvr900l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr900l
Search vendor "Tp-link" for product "Tl-wvr900l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-wvr1200l Firmware
Search vendor "Tp-link" for product "Tl-wvr1200l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr1200l
Search vendor "Tp-link" for product "Tl-wvr1200l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-wvr1300l Firmware
Search vendor "Tp-link" for product "Tl-wvr1300l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr1300l
Search vendor "Tp-link" for product "Tl-wvr1300l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-wvr1750l Firmware
Search vendor "Tp-link" for product "Tl-wvr1750l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr1750l
Search vendor "Tp-link" for product "Tl-wvr1750l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-wvr2600l Firmware
Search vendor "Tp-link" for product "Tl-wvr2600l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr2600l
Search vendor "Tp-link" for product "Tl-wvr2600l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-wvr4300l Firmware
Search vendor "Tp-link" for product "Tl-wvr4300l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-wvr4300l
Search vendor "Tp-link" for product "Tl-wvr4300l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-war450l Firmware
Search vendor "Tp-link" for product "Tl-war450l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-war450l
Search vendor "Tp-link" for product "Tl-war450l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-war458l Firmware
Search vendor "Tp-link" for product "Tl-war458l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-war458l
Search vendor "Tp-link" for product "Tl-war458l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-war900l Firmware
Search vendor "Tp-link" for product "Tl-war900l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-war900l
Search vendor "Tp-link" for product "Tl-war900l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-war1200l Firmware
Search vendor "Tp-link" for product "Tl-war1200l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-war1200l
Search vendor "Tp-link" for product "Tl-war1200l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-war1300l Firmware
Search vendor "Tp-link" for product "Tl-war1300l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-war1300l
Search vendor "Tp-link" for product "Tl-war1300l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-war1750l Firmware
Search vendor "Tp-link" for product "Tl-war1750l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-war1750l
Search vendor "Tp-link" for product "Tl-war1750l"
--
Safe
Tp-link
Search vendor "Tp-link"
Tl-war2600l Firmware
Search vendor "Tp-link" for product "Tl-war2600l Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
Tl-war2600l
Search vendor "Tp-link" for product "Tl-war2600l"
--
Safe