← Back

CVE-2017-16960

nvd nist
Published: Nov 27, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

Affected (58)

Products: Tp Link: Tl Er5510g, Tl Er5520g, Tl Er6120g, Tl Er6520g, Tl R4239g, Tl R4299g, Tl R473, Tl R478+, Tl R478g+, Tl R483, Tl R483g, Tl R488, Tl Wvr300, Tl Wvr302, Tl Wvr450g, Tl Wvr900g, Tl Wvr450 Firmware, Tl Wvr450l Firmware, Tl Wvr458 Firmware, Tl Wvr458l Firmware, Tl Wvr458p Firmware, Tl Wvr900l Firmware, Tl Wvr1200l Firmware, Tl Wvr1300l Firmware, Tl Wvr1300g Firmware, Tl Wvr1750l Firmware, Tl Wvr2600l Firmware, Tl Wvr4300l Firmware, Tl War302 Firmware, Tl War450 Firmware, Tl War450l Firmware, Tl War458 Firmware, Tl War458l Firmware, Tl War900l Firmware, Tl War1200l Firmware, Tl War1300l Firmware, Tl War1750l Firmware, Tl War2600l Firmware, Tl Er3210g Firmware, Tl Er3220g Firmware, Tl Er5110g Firmware, Tl Er5120g Firmware, Tl Er6110g Firmware, Tl Er6220g Firmware, Tl Er6510g Firmware, Tl Er7520g Firmware, Tl R473g Firmware, Tl R473p Ac Firmware, Tl R473gp Ac Firmware, Tl R478g Firmware, Tl R479p Ac Firmware, Tl R479gp Ac Firmware, Tl R479gpe Ac Firmware, Tl R4149g Firmware
Tp Link
54 products
Tl Er5510g
Tl Er5520g
Tl Er6120g
Tl Er6520g
Tl R4239g
Tl R4299g
Tl R473
Tl R478+
Tl R478g+
Tl R483
Tl R483g
Tl R488
Tl Wvr300
Tl Wvr302
Tl Wvr450g
Tl Wvr900g
Tl Wvr450 Firmware
Tl Wvr450l Firmware
Tl Wvr458 Firmware
Tl Wvr458l Firmware
Tl Wvr458p Firmware
Tl Wvr900l Firmware
Tl Wvr1200l Firmware
Tl Wvr1300l Firmware
Tl Wvr1300g Firmware
Tl Wvr1750l Firmware
Tl Wvr2600l Firmware
Tl Wvr4300l Firmware
Tl War302 Firmware
Tl War450 Firmware
Tl War450l Firmware
Tl War458 Firmware
Tl War458l Firmware
Tl War900l Firmware
Tl War1200l Firmware
Tl War1300l Firmware
Tl War1750l Firmware
Tl War2600l Firmware
Tl Er3210g Firmware
Tl Er3220g Firmware
Tl Er5110g Firmware
Tl Er5120g Firmware
Tl Er6110g Firmware
Tl Er6220g Firmware
Tl Er6510g Firmware
Tl Er7520g Firmware
Tl R473g Firmware
Tl R473p Ac Firmware
Tl R473gp Ac Firmware
Tl R478g Firmware
Tl R479p Ac Firmware
Tl R479gp Ac Firmware
Tl R479gpe Ac Firmware
Tl R4149g Firmware
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Tp Link
Tl Er5510g
Version v2
Tl Er5510g
Version v3
Tp Link
Tl Er5520g
Version v2
Tl Er5520g
Version v3
Tl Er6120g
Version v2
Tp Link
Tl Er6520g
Version v2
Tl Er6520g
Version v3
Tl R4239g
Version v2
Tl R4299g
Version v2
Tl R473
Version v5
Tl R478
Version v6
Tl R478+
Version v7
Tl R478g+
Version v3
Tl R483
Version v5
Tl R483g
Version v2
Tl R488
Version v5
Tl Wvr300
Version v4
Tl Wvr302
Version v2
Tl Wvr450g
Version v5
Tl Wvr900g
Version v3
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr450 Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr450
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr450l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr450l
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr458 Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr458
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr458l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr458l
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr458p Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr458p
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr900l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr900l
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr1200l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr1200l
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr1300l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr1300l
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr1300g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr1300g
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr1750l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr1750l
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr2600l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr2600l
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr4300l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr4300l
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War302 Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War302
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War450 Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War450
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War450l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War450l
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War458 Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War458
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War458l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War458l
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War900l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War900l
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War1200l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War1200l
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War1300l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War1300l
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War1750l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War1750l
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War2600l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War2600l
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er3210g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er3210g
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er3220g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er3220g
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er5110g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er5110g
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er5120g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er5120g
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er6110g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er6110g
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er6220g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er6220g
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er6510g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er6510g
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Er7520g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Er7520g
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R473g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R473g
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R473p Ac Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R473p Ac
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R473gp Ac Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R473gp Ac
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R478g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R478g
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R479p Ac Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R479p Ac
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R479gp Ac Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R479gp Ac
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R479gpe Ac Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R479gpe Ac
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl R4149g Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl R4149g
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking

Timeline

No history available yet.