Vulnerability Details CVE-2017-13772
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.729
EPSS Ranking 98.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/158999/TP-Link-WDR4300-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/43022/
- https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
- http://packetstormsecurity.com/files/158999/TP-Link-WDR4300-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/43022/
- https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
Products affected by CVE-2017-13772
-
cpe:2.3:h:tp-link:wr940n:4
-
cpe:2.3:o:tp-link:wr940n_firmware:-