Lucene search

K
cve[email protected]CVE-2017-17757
HistoryDec 19, 2017 - 7:29 a.m.

CVE-2017-17757

2017-12-1907:29:00
CWE-78
web.nvd.nist.gov
19
cve-2017-17757
tp-link
tl-wvr
tl-war
remote authenticated users
arbitrary commands
shell metacharacters
admin/wportal
cgi-bin/luci
uhttpd
nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.3%

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

Affected configurations

NVD
Node
tp-linktl-wvr450l_firmwareMatch-
AND
tp-linktl-wvr450lMatch-
Node
tp-linktl-wvr458l_firmwareMatch-
AND
tp-linktl-wvr458lMatch-
Node
tp-linktl-wvr900l_firmwareMatch-
AND
tp-linktl-wvr900lMatch-
Node
tp-linktl-wvr1200l_firmwareMatch-
AND
tp-linktl-wvr1200lMatch-
Node
tp-linktl-wvr1300l_firmwareMatch-
AND
tp-linktl-wvr1300lMatch-
Node
tp-linktl-wvr1750l_firmwareMatch-
AND
tp-linktl-wvr1750lMatch-
Node
tp-linktl-wvr2600l_firmwareMatch-
AND
tp-linktl-wvr2600lMatch-
Node
tp-linktl-wvr4300l_firmwareMatch-
AND
tp-linktl-wvr4300lMatch-
Node
tp-linktl-war450l_firmwareMatch-
AND
tp-linktl-war450lMatch-
Node
tp-linktl-war458l_firmwareMatch-
AND
tp-linktl-war458lMatch-
Node
tp-linktl-war900l_firmwareMatch-
AND
tp-linktl-war900lMatch-
Node
tp-linktl-war1200l_firmwareMatch-
AND
tp-linktl-war1200lMatch-
Node
tp-linktl-war1300l_firmwareMatch-
AND
tp-linktl-war1300lMatch-
Node
tp-linktl-war1750l_firmwareMatch-
AND
tp-linktl-war1750lMatch-
Node
tp-linktl-war2600l_firmwareMatch-
AND
tp-linktl-war2600lMatch-

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.3%

Related for CVE-2017-17757