First published: Thu Jan 11 2018(Updated: )
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TP-Link TL-ER5110G Firmware | ||
TP-Link ER5110G Firmware | ||
TP-Link TL-ER5120G Firmware | ||
TP-Link TL-ER5120G | ||
TP-Link TL-ER5510G Firmware | ||
TP-Link TL-ER5510G Firmware | ||
TP-Link TL-ER5520G | ||
TP-Link TL-ER5520G Firmware | ||
TP-Link TL-R4149G Firmware | ||
TP-Link TL-R4149G Firmware | ||
TP-Link TL-R4239G Firmware | ||
TP-LINK TL-R4239G | ||
TP-Link TL-R4299G Firmware | ||
TP-Link TL-R4299G | ||
TP-LINK TL-R473GP-AC | ||
TP-LINK TL-R473GP-AC | ||
TP-Link R473G Firmware | ||
Tp-link R473g Firmware | ||
Tp-link Tl-r473p-ac Firmware | ||
TP-Link TL-R473P-AC | ||
Tp-link Tl-r473g Firmware | ||
TP-Link R473P-AC | ||
Tp-link R478g+ Firmware | ||
TP-Link R478G+ | ||
TP-Link TL-R478 Firmware | ||
TP-Link R478 | ||
TP-Link R478+ Firmware | ||
Tp-link R478+ | ||
TP-Link R483 Firmware | ||
TP-Link R483 Firmware | ||
TP-Link TL-R483 Firmware | ||
TP-Link TL-R483 | ||
TP-Link TL-R488 Firmware | ||
TP-Link TL-R488 | ||
TP-Link WAR1300L | ||
TP-Link WAR1300L Firmware | ||
TP-Link WAR1750L Firmware | ||
TP-Link WAR1750L Firmware | ||
TP-Link Archer WAR2600L | ||
Tp-link War2600l Firmware | ||
TP-Link WAR302 | ||
TP-Link WAR302 Firmware | ||
Tp-link Tl-war450 Firmware | ||
Tp-link Tl-war450 Firmware | ||
Tp-link Tl-war450 Firmware | ||
TP-Link TL-WAR450 | ||
TP-Link TL-WAR458L Firmware | ||
TP-Link WAR458L Firmware | ||
TP-Link WAR458L Firmware | ||
TP-Link TL-WAR458 Firmware | ||
TP-Link WDR900L Firmware | ||
TP-Link WAR900L | ||
TP-Link TL-WVR1300G Firmware | ||
TP-Link WVR1300G | ||
TP-Link TL-WVR1300L Firmware | ||
TP-Link WVR1300L Firmware | ||
TP-Link TL-WVR1750L Firmware | ||
TP-Link TL-WVR1750L | ||
TP-Link WVR2600L | ||
TP-Link TL-WVR2600L | ||
TP-Link TL-WVR300 Firmware | ||
TP-Link TL-WVR300 Firmware | ||
TP-Link WVR302 | ||
TP-Link WVR302 Firmware | ||
TP-Link WVR4300L Firmware | ||
TP-Link WVR4300L Firmware | ||
TP-Link WVR450L Firmware | =1.0161125 | |
TP-Link WVR450L Firmware | ||
TP-Link WVR450L Firmware | ||
TP-Link WVR450L Firmware | ||
TP-Link TL-WVR458L Firmware | ||
Tp-link Wvr458l Firmware | ||
TP-Link WVR900G Firmware | =3.0_170306 | |
TP-Link WVR900G Firmware | ||
TP-Link WVR900L Firmware | ||
TP-Link TL-WVR900L |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15628 has a medium severity rating due to its potential for remote command execution by authenticated users.
To remediate CVE-2017-15628, update the firmware of your TP-Link devices to the latest patched version provided by the manufacturer.
CVE-2017-15628 affects multiple TP-Link router models, including the WVR, WAR, and ER series devices.
Yes, CVE-2017-15628 can be exploited remotely by authenticated administrators through command injection.
While CVE-2017-15628 is specific to TP-Link devices, command injection vulnerabilities are a common threat across various software.