CVE-2017-15620

high-risk

Published 2018-01-11

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.

Do I need to act?

1.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (20)

Er5110G Firmware

Er5120G Firmware

Er5510G Firmware

Er5520G Firmware

R4149G Firmware

R4239G Firmware

R4299G Firmware

R473Gp-Ac Firmware

R473G Firmware

R473P-Ac Firmware

R473 Firmware

R478G\+ Firmware

R478 Firmware

R478\+ Firmware

R483G Firmware

R483 Firmware

R488 Firmware

War1300L Firmware

War1750L Firmware

War2600L Firmware

Affected Vendors

Tp-Link

References (4)

Exploit http://www.securityfocus.com/archive/1/541655/100/0/threaded

Exploit https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-20...

Exploit http://www.securityfocus.com/archive/1/541655/100/0/threaded

Exploit https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-20...

/ 100

high-risk

Severity 26/34 · High

Exploitability 4/34 · Minimal

Exposure 24/34 · High