CVE-2017-17757

high-risk
Published 2017-12-19

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (15)

Tl-Wvr450L Firmware
Tl-Wvr458L Firmware
Tl-Wvr900L Firmware
Tl-Wvr1200L Firmware
Tl-Wvr1750L Firmware
Tl-War450L Firmware
Tl-War458L Firmware
Tl-War900L Firmware
Tl-War1200L Firmware
Tl-War1750L Firmware
Tl-War2600L Firmware
Tl-Wvr1300L Firmware
Tl-Wvr2600L Firmware
Tl-Wvr4300L Firmware
Tl-War1300L Firmware

Affected Vendors

Tp-Link

References (2)

Exploit https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LU...
Exploit https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LU...
52
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 4/34 · Minimal
Exposure 18/34 · Moderate