← Back

CVE-2017-17758

nvd nist
Published: Dec 19, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.

Affected (15)

Tp Link
15 products
Tl Wvr450l Firmware
Tl Wvr458l Firmware
Tl Wvr900l Firmware
Tl Wvr1200l Firmware
Tl Wvr1300l Firmware
Tl Wvr1750l Firmware
Tl Wvr2600l Firmware
Tl Wvr4300l Firmware
Tl War450l Firmware
Tl War458l Firmware
Tl War900l Firmware
Tl War1200l Firmware
Tl War1300l Firmware
Tl War1750l Firmware
Tl War2600l Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr450l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr450l
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr458l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr458l
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr900l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr900l
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr1200l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr1200l
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr1300l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr1300l
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr1750l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr1750l
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr2600l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr2600l
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl Wvr4300l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl Wvr4300l
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War450l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War450l
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War458l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War458l
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War900l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War900l
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War1200l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War1200l
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War1300l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War1300l
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War1750l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War1750l
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tl War2600l Firmware
All versions
Running on/withPlatform Versions
Tp Link
Tl War2600l
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: cve@mitre.org
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.