Vulnerability Details CVE-2017-17757
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2017-17757
-
cpe:2.3:h:tp-link:tl-war1200l:-
-
cpe:2.3:h:tp-link:tl-war1300l:-
-
cpe:2.3:h:tp-link:tl-war1750l:-
-
cpe:2.3:h:tp-link:tl-war2600l:-
-
cpe:2.3:h:tp-link:tl-war450l:-
-
cpe:2.3:h:tp-link:tl-war458l:-
-
cpe:2.3:h:tp-link:tl-war900l:-
-
cpe:2.3:h:tp-link:tl-wvr1200l:-
-
cpe:2.3:h:tp-link:tl-wvr1300l:-
-
cpe:2.3:h:tp-link:tl-wvr1750l:-
-
cpe:2.3:h:tp-link:tl-wvr2600l:-
-
cpe:2.3:h:tp-link:tl-wvr4300l:-
-
cpe:2.3:h:tp-link:tl-wvr450l:-
-
cpe:2.3:h:tp-link:tl-wvr458l:-
-
cpe:2.3:h:tp-link:tl-wvr900l:-
-
cpe:2.3:o:tp-link:tl-war1200l_firmware:-
-
cpe:2.3:o:tp-link:tl-war1300l_firmware:-
-
cpe:2.3:o:tp-link:tl-war1750l_firmware:-
-
cpe:2.3:o:tp-link:tl-war2600l_firmware:-
-
cpe:2.3:o:tp-link:tl-war450l_firmware:-
-
cpe:2.3:o:tp-link:tl-war458l_firmware:-
-
cpe:2.3:o:tp-link:tl-war900l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr450l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr458l_firmware:-
-
cpe:2.3:o:tp-link:tl-wvr900l_firmware:-