First published: Thu Jan 11 2018(Updated: )
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tp-link Tl-er5110g Firmware | ||
TP-Link TL-ER5110G | ||
TP-Link TL-ER5120G Firmware | ||
TP-Link TL-ER5120G | ||
TP-Link TL-ER5510G Firmware | ||
Tp-link Tl-er5510g | ||
Tp-link Tl-er5520g Firmware | ||
TP-Link TL-ER5520G | ||
TP-Link TL-R4149G Firmware | ||
TP-Link TL-R4149G | ||
TP-Link TL-R4239G Firmware | ||
TP-LINK TL-R4239G | ||
TP-Link TL-R4299G Firmware | ||
TP-Link TL-R4299G | ||
TP-LINK TL-R473GP-AC | ||
TP-LINK TL-R473GP-AC | ||
Tp-link Tl-r473g Firmware | ||
Tp-link R473g Firmware | ||
Tp-link Tl-r473p-ac Firmware | ||
Tp-link Tl-r473p-ac Firmware | ||
Tp-link Tl-r473g Firmware | ||
Tp-link R473g Firmware | ||
Tp-link R478g+ Firmware | ||
TP-Link R478G+ | ||
TP-Link TL-R478 Firmware | ||
TP-Link R478 | ||
TP-Link R478+ Firmware | ||
Tp-link R478+ | ||
Tp-link R483g | ||
TP-Link TL-R483G | ||
Tp-link Tl-r483 Firmware | ||
TP-Link TL-R483 | ||
TP-Link TL-R488 Firmware | ||
TP-Link TL-R488 | ||
TP-Link War1300L Firmware | ||
TP-Link War1300L Firmware | ||
TP-Link WAR1750L Firmware | ||
TP-Link WAR1750L Firmware | ||
TP-Link Archer WAR2600L | ||
Tp-link War2600l Firmware | ||
TP-Link WAR302 Firmware | ||
TP-Link WAR302 | ||
Tp-link Tl-war450 Firmware | ||
Tp-link Tl-war450 Firmware | ||
Tp-link Tl-war450 Firmware | ||
Tp-link Tl-war450 Firmware | ||
TP-Link WAR458L Firmware | ||
TP-Link WAR458L Firmware | ||
TP-Link WAR458L Firmware | ||
TP-Link WAR458L | ||
TP-Link WDR900L Firmware | ||
TP-Link War900L | ||
TP-Link TL-WVR1300G Firmware | ||
TP-Link WVR1300G | ||
Tp-link Tl-wvr1300l Firmware | ||
Tp-link Wvr1300l Firmware | ||
TP-Link TL-WVR1750L Firmware | ||
TP-Link WVR1750L | ||
TP-Link WVR2600L | ||
Tp-link Wvr2600l Firmware | ||
Tp-link Tl-wvr300 Firmware | ||
Tp-link Wvr300 Firmware | ||
TP-Link WVR302 Firmware | ||
TP-Link WVR302 Firmware | ||
TP-Link WVR4300L Firmware | ||
TP-Link WVR4300L Firmware | ||
TP-Link WVR450 Firmware | =1.0161125 | |
Tp-link Wvr450l Firmware | ||
TP-Link WVR450 Firmware | ||
TP-Link WVR450 Firmware | ||
TP-Link TL-WVR458L Firmware | ||
Tp-link Wvr458l Firmware | ||
TP-Link WVR900G Firmware | =3.0_170306 | |
TP-Link WVR900G Firmware | ||
TP-Link WVR900L Firmware | ||
TP-Link TL-WVR900L |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-15632 is classified as a high severity vulnerability due to its potential for remote command execution.
To fix CVE-2017-15632, you should update the affected TP-Link devices to the latest firmware version provided by the manufacturer.
CVE-2017-15632 affects multiple TP-Link WVR, WAR, and ER series devices, particularly those using vulnerable firmware versions.
CVE-2017-15632 can be exploited through command injection, allowing authenticated remote attackers to execute arbitrary commands on the vulnerable device.
You are at risk if you are using an affected version of the firmware on your TP-Link WVR, WAR, or ER device.