CVE-2017-16959
high-risk
Published 2017-11-27
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
Do I need to act?
-
0.38% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Tl-Wvr302 Firmware
Tl-Wvr450L Firmware
Tl-Wvr458 Firmware
Tl-Wvr458L Firmware
Tl-Wvr900G Firmware
Tl-Wvr900L Firmware
Tl-Wvr1200L Firmware
Tl-Wvr1750L Firmware
Tl-War2600L Firmware
Tl-War302 Firmware
Tl-War450L Firmware
Tl-War458 Firmware
Tl-War458L Firmware
Tl-War900L Firmware
Tl-War1200L Firmware
Tl-War1750L Firmware
Tl-Er3220G Firmware
Tl-Er5110G Firmware
Tl-Er5510G Firmware
Tl-Er6520G Firmware
Affected Vendors
51
/ 100
high-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
26/34 · High