Lucene search

K
cve[email protected]CVE-2017-15629
HistoryJan 11, 2018 - 4:29 p.m.

CVE-2017-15629

2018-01-1116:29:01
web.nvd.nist.gov
21
cve-2017-15629
tp-link
wvr
war
er
remote access
authenticated administrators
command injection
pptp_client.lua
nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

50.0%

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.

Affected configurations

NVD
Node
tp-linker5110g_firmwareMatch-
AND
tp-linker5110gMatch-
Node
tp-linker5120g_firmwareMatch-
AND
tp-linker5120gMatch-
Node
tp-linker5510g_firmwareMatch-
AND
tp-linker5510gMatch-
Node
tp-linker5520g_firmwareMatch-
AND
tp-linker5520gMatch-
Node
tp-linkr4149g_firmwareMatch-
AND
tp-linkr4149gMatch-
Node
tp-linkr4239g_firmwareMatch-
AND
tp-linkr4239gMatch-
Node
tp-linkr4299g_firmwareMatch-
AND
tp-linkr4299gMatch-
Node
tp-linkr473gp-ac_firmwareMatch-
AND
tp-linkr473gp-acMatch-
Node
tp-linkr473g_firmwareMatch-
AND
tp-linkr473gMatch-
Node
tp-linkr473p-ac_firmwareMatch-
AND
tp-linkr473p-acMatch-
Node
tp-linkr473_firmwareMatch-
AND
tp-linkr473Match-
Node
tp-linkr478g\+_firmwareMatch-
AND
tp-linkr478g\+Match-
Node
tp-linkr478_firmwareMatch-
AND
tp-linkr478Match-
Node
tp-linkr478\+_firmwareMatch-
AND
tp-linkr478\+Match-
Node
tp-linkr483g_firmwareMatch-
AND
tp-linkr483gMatch-
Node
tp-linkr483_firmwareMatch-
AND
tp-linkr483Match-
Node
tp-linkr488_firmwareMatch-
AND
tp-linkr488Match-
Node
tp-linkwar1300l_firmwareMatch-
AND
tp-linkwar1300lMatch-
Node
tp-linkwar1750l_firmwareMatch-
AND
tp-linkwar1750lMatch-
Node
tp-linkwar2600l_firmwareMatch-
AND
tp-linkwar2600lMatch-
Node
tp-linkwar302_firmwareMatch-
AND
tp-linkwar302Match-
Node
tp-linkwar450l_firmwareMatch-
AND
tp-linkwar450lMatch-
Node
tp-linkwar450_firmwareMatch-
AND
tp-linkwar450Match-
Node
tp-linkwar458l_firmwareMatch-
AND
tp-linkwar458lMatch-
Node
tp-linkwar458_firmwareMatch-
AND
tp-linkwar458Match-
Node
tp-linkwar900l_firmwareMatch-
AND
tp-linkwar900lMatch-
Node
tp-linkwvr1300g_firmwareMatch-
AND
tp-linkwvr1300gMatch-
Node
tp-linkwvr1300l_firmwareMatch-
AND
tp-linkwvr1300lMatch-
Node
tp-linkwvr1750l_firmwareMatch-
AND
tp-linkwvr1750lMatch-
Node
tp-linkwvr2600l_firmwareMatch-
AND
tp-linkwvr2600lMatch-
Node
tp-linkwvr300_firmwareMatch-
AND
tp-linkwvr300Match-
Node
tp-linkwvr302_firmwareMatch-
AND
tp-linkwvr302Match-
Node
tp-linkwvr4300l_firmwareMatch-
AND
tp-linkwvr4300lMatch-
Node
tp-linkwvr450l_firmwareMatch1.0161125
AND
tp-linkwvr450lMatch-
Node
tp-linkwvr450_firmwareMatch-
AND
tp-linkwvr450Match-
Node
tp-linkwvr458l_firmwareMatch-
AND
tp-linkwvr458lMatch-
Node
tp-linkwvr900g_firmwareMatch3.0_170306
AND
tp-linkwvr900gMatch-
Node
tp-linkwvr900l_firmwareMatch-
AND
tp-linkwvr900lMatch-

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

50.0%

Related for CVE-2017-15629