First published: Mon Nov 27 2017(Updated: )
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TP-Link TL-ER5510G Firmware | =v2 | |
TP-Link TL-ER5510G Firmware | =v3 | |
TP-Link TL-ER5520G Firmware | =v2 | |
TP-Link TL-ER5520G Firmware | =v3 | |
TP-Link TL-ER6120G Firmware | =v2 | |
TP-Link TL-ER6520G Firmware | =v2 | |
TP-Link TL-ER6520G Firmware | =v3 | |
TP-Link TL-R4239G Firmware | =v2 | |
Tp-link R4299g Firmware | =v2 | |
TP-LINK R473 | =v5 | |
TP-Link TL-R478 Firmware | =v6 | |
TP-Link TL-R478+ | =v7 | |
TP-Link TL-R478G+ | =v3 | |
TP-Link TL-R483 Firmware | =v5 | |
Tp-link R483g Firmware | =v2 | |
TP-Link TL-R488 Firmware | =v5 | |
TP-Link TL-WVR300 Firmware | =v4 | |
TP-Link WVR302 | =v2 | |
TP-Link TL-WVR450G Firmware | =v5 | |
TP-Link WVR900G | =v3 | |
Tp-link Wvr450l Firmware | ||
TP-Link WVR450 | ||
Tp-link Wvr450l Firmware | ||
TP-Link WVR450L | ||
TP-Link TL-WVR458L Firmware | ||
TP-Link TL-WVR458L Firmware | ||
TP-Link TL-WVR458L | ||
TP-Link TL-WVR458L Firmware | ||
TP-Link TL-WVR458P Firmware | ||
TP-Link TL-WVR458P Firmware | ||
TP-Link WVR900L Firmware | ||
TP-Link WVR900L Firmware | ||
TP-Link TL-WVR1200L | ||
TP-Link TL-WVR1200L Firmware | ||
TP-Link WVR1300L Firmware | ||
TP-Link WVR1300L | ||
TP-Link TL-WVR1300G | ||
TP-Link WVR1300G | ||
TP-Link TL-WVR1750L Firmware | ||
TP-Link WVR1750L | ||
Tp-link Wvr2600l Firmware | ||
TP-Link WVR2600L | ||
TP-Link WVR4300L Firmware | ||
TP-Link WVR4300L Firmware | ||
TP-Link WAR302 | ||
TP-Link WAR302 | ||
TP-Link TL-WAR450 | ||
TP-Link WAR450 | ||
TP-Link WR450L Firmware | ||
TP-Link TL-WAR450L Firmware | ||
TP-Link WAR458L | ||
TP-Link WAR458 | ||
TP-Link WAR458L Firmware | ||
TP-Link WAR458L | ||
TP-Link WDR900L Firmware | ||
TP-Link WAR900L | ||
TP-Link TL-WAR1200L Firmware | ||
TP-Link TL-WAR1200L Firmware | ||
TP-Link WAR1300L Firmware | ||
TP-Link WAR1300L | ||
TP-Link WAR1750L Firmware | ||
TP-Link WAR1750L Firmware | ||
Tp-link War2600l Firmware | ||
TP-Link Archer WAR2600L | ||
TP-Link TL-ER3210G | ||
TP-Link TL-ER3210G Firmware | ||
TP-Link TL-ER3220G Firmware | ||
TP-Link TL-ER3220G Firmware | ||
TP-Link ER5110G Firmware | ||
TP-Link ER5110G Firmware | ||
TP-Link TL-ER5120G | ||
TP-Link TL-ER5120G Firmware | ||
TP-Link TL-ER6110G Firmware | ||
TP-Link TL-ER6110G Firmware | ||
TP-Link TL-ER6220G | ||
TP-Link TL-ER6220G | ||
TP-Link TL-ER6510G | ||
Tp-link Tl-er6510g Firmware | ||
TP-Link TL-ER7520G Firmware | ||
TP-Link TL-ER7520G Firmware | ||
TP-Link R473G Firmware | ||
TP-LINK R473 | ||
TP-Link TL-R473P-AC | ||
TP-Link R473P-AC | ||
TP-Link TL-R473G Firmware | ||
TP-Link TL-R473GP-AC Firmware | ||
TP-Link R478+ | ||
TP-Link TL-R478G Firmware | ||
TP-Link TL-R479P-AC | ||
TP-Link TL-R479P-AC Firmware | ||
TP-Link TL-R479GP-AC Firmware | ||
TP-Link TL-R479GP-AC Firmware | ||
TP-Link TL-R479GP-AC Firmware | ||
TP-Link TL-R479GPE-AC Firmware | ||
TP-Link TL-R4149G | ||
TP-Link R4149G |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci.
The severity of CVE-2017-16960 vulnerability is critical with a CVSS score of 8.8.
Devices such as TP-Link TL-ER5510G, TL-ER5520G, TL-ER6120G, TL-R4239G, TL-R4299G, and others are affected by CVE-2017-16960 vulnerability.