First published: Mon Nov 27 2017(Updated: )
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tp-link Tl-er5510g | =v2 | |
Tp-link Tl-er5510g | =v3 | |
Tp-link Tl-er5520g | =v2 | |
Tp-link Tl-er5520g | =v3 | |
Tp-link Tl-er6120g | =v2 | |
Tp-link Tl-er6520g | =v2 | |
Tp-link Tl-er6520g | =v3 | |
Tp-link Tl-r4239g | =v2 | |
Tp-link Tl-r4299g | =v2 | |
Tp-link Tl-r473 | =v5 | |
Tp-link Tl-r478 | =v6 | |
Tp-link Tl-r478\+ | =v7 | |
Tp-link Tl-r478g\+ | =v3 | |
Tp-link Tl-r483 | =v5 | |
Tp-link Tl-r483g | =v2 | |
Tp-link Tl-r488 | =v5 | |
Tp-link Tl-wvr300 | =v4 | |
Tp-link Tl-wvr302 | =v2 | |
Tp-link Tl-wvr450g | =v5 | |
Tp-link Tl-wvr900g | =v3 | |
Tp-link Tl-wvr450 Firmware | ||
Tp-link Tl-wvr450 | ||
Tp-link Tl-wvr450l Firmware | ||
Tp-link Tl-wvr450l | ||
Tp-link Tl-wvr458 Firmware | ||
Tp-link Tl-wvr458 | ||
Tp-link Tl-wvr458l Firmware | ||
Tp-link Tl-wvr458l | ||
Tp-link Tl-wvr458p Firmware | ||
Tp-link Tl-wvr458p | ||
Tp-link Tl-wvr900l Firmware | ||
Tp-link Tl-wvr900l | ||
Tp-link Tl-wvr1200l Firmware | ||
Tp-link Tl-wvr1200l | ||
Tp-link Tl-wvr1300l Firmware | ||
Tp-link Tl-wvr1300l | ||
Tp-link Tl-wvr1300g Firmware | ||
Tp-link Tl-wvr1300g | ||
Tp-link Tl-wvr1750l Firmware | ||
Tp-link Tl-wvr1750l | ||
Tp-link Tl-wvr2600l Firmware | ||
Tp-link Tl-wvr2600l | ||
Tp-link Tl-wvr4300l Firmware | ||
Tp-link Tl-wvr4300l | ||
Tp-link Tl-war302 Firmware | ||
Tp-link Tl-war302 | ||
Tp-link Tl-war450 Firmware | ||
Tp-link Tl-war450 | ||
Tp-link Tl-war450l Firmware | ||
Tp-link Tl-war450l | ||
Tp-link Tl-war458 Firmware | ||
Tp-link Tl-war458 | ||
Tp-link Tl-war458l Firmware | ||
Tp-link Tl-war458l | ||
Tp-link Tl-war900l Firmware | ||
Tp-link Tl-war900l | ||
Tp-link Tl-war1200l Firmware | ||
Tp-link Tl-war1200l | ||
Tp-link Tl-war1300l Firmware | ||
Tp-link Tl-war1300l | ||
Tp-link Tl-war1750l Firmware | ||
Tp-link Tl-war1750l | ||
Tp-link Tl-war2600l Firmware | ||
Tp-link Tl-war2600l | ||
Tp-link Tl-er3210g Firmware | ||
Tp-link Tl-er3210g | ||
Tp-link Tl-er3220g Firmware | ||
Tp-link Tl-er3220g | ||
Tp-link Tl-er5110g Firmware | ||
Tp-link Tl-er5110g | ||
Tp-link Tl-er5120g Firmware | ||
Tp-link Tl-er5120g | ||
Tp-link Tl-er6110g Firmware | ||
Tp-link Tl-er6110g | ||
Tp-link Tl-er6220g Firmware | ||
Tp-link Tl-er6220g | ||
Tp-link Tl-er6510g Firmware | ||
Tp-link Tl-er6510g | ||
Tp-link Tl-er7520g Firmware | ||
Tp-link Tl-er7520g | ||
Tp-link Tl-r473g Firmware | ||
TP-LINK TL-R473G | ||
Tp-link Tl-r473p-ac Firmware | ||
Tp-link Tl-r473p-ac | ||
Tp-link Tl-r473gp-ac Firmware | ||
Tp-link Tl-r473gp-ac | ||
Tp-link Tl-r478g Firmware | ||
Tp-link Tl-r478g | ||
Tp-link Tl-r479p-ac Firmware | ||
Tp-link Tl-r479p-ac | ||
Tp-link Tl-r479gp-ac Firmware | ||
Tp-link Tl-r479gp-ac | ||
Tp-link Tl-r479gpe-ac Firmware | ||
Tp-link Tl-r479gpe-ac | ||
Tp-link Tl-r4149g Firmware | ||
Tp-link Tl-r4149g |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci.
The severity of CVE-2017-16960 vulnerability is critical with a CVSS score of 8.8.
Devices such as TP-Link TL-ER5510G, TL-ER5520G, TL-ER6120G, TL-R4239G, TL-R4299G, and others are affected by CVE-2017-16960 vulnerability.