CVE-2017-16960

high-risk
Published 2017-11-27

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

Do I need to act?

-
0.86% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Tl-Er5510G
Tl-Er5520G
Tl-Er6120G
Tl-R4239G
Tl-R483
Tl-R483G
Tl-R488
Tl-Wvr302
Tl-Wvr450G
Tl-Wvr900G
Tl-Wvr450L Firmware
Tl-Wvr458 Firmware
Tl-Wvr458L Firmware
Tl-Wvr900L Firmware
Tl-Wvr1200L Firmware
Tl-Wvr1750L Firmware
Tl-War302 Firmware
Tl-War450L Firmware
Tl-War458 Firmware
Tl-War458L Firmware

Affected Vendors

Tp-Link

References (2)

Issue Tracking https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInt...
Issue Tracking https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInt...
60
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 3/34 · Minimal
Exposure 27/34 · High