CVE-2017-17757: OS Command Injection
First published: Tue Dec 19 2017(Updated: )
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Wvr450l Firmware | ||
| TP-Link WVR450L | ||
| TP-Link TL-WVR458L | ||
| TP-Link TL-WVR458L Firmware | ||
| TP-Link WVR900L Firmware | ||
| TP-Link WVR900L Firmware | ||
| TP-Link TL-WVR1200L | ||
| TP-Link TL-WVR1200L Firmware | ||
| TP-Link WVR1300L Firmware | ||
| TP-Link WVR1300L | ||
| TP-Link TL-WVR1750L Firmware | ||
| TP-Link WVR1750L | ||
| Tp-link Wvr2600l Firmware | ||
| TP-Link WVR2600L | ||
| TP-Link WVR4300L Firmware | ||
| TP-Link WVR4300L Firmware | ||
| TP-Link WR450L Firmware | ||
| TP-Link TL-WAR450L Firmware | ||
| TP-Link WAR458L Firmware | ||
| TP-Link WAR458L | ||
| TP-Link WDR900L Firmware | ||
| TP-Link WAR900L | ||
| TP-Link TL-WAR1200L Firmware | ||
| TP-Link TL-WAR1200L Firmware | ||
| TP-Link WAR1300L Firmware | ||
| TP-Link WAR1300L | ||
| TP-Link WAR1750L Firmware | ||
| TP-Link WAR1750L Firmware | ||
| Tp-link War2600l Firmware | ||
| TP-Link Archer WAR2600L |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-17757.
What devices are affected by this vulnerability?
TP-Link TL-WVR450L, TL-WVR458L, TL-WVR900L, TL-WVR1200L, TL-WVR1300L, TL-WVR1750L, TL-WVR2600L, TL-WVR4300L, TL-WAR450L, TL-WAR458L, TL-WAR900L, TL-WAR1200L, TL-WAR1300L, TL-WAR1750L, TL-WAR2600L devices are affected by this vulnerability.
How severe is CVE-2017-17757?
CVE-2017-17757 severity is critical with a score of 8.8.
How can I fix CVE-2017-17757?
There is currently no known fix or patch available for CVE-2017-17757. It is recommended to contact the vendor for further information.
Where can I find more information about CVE-2017-17757?
More information about CVE-2017-17757 can be found at this reference link: https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tp-link
- canonical/tp-link wvr450l firmware
- canonical/tp-link wvr450l
- canonical/tp-link tl-wvr458l
- canonical/tp-link tl-wvr458l firmware
- canonical/tp-link wvr900l firmware
- canonical/tp-link tl-wvr1200l
- canonical/tp-link tl-wvr1200l firmware
- canonical/tp-link tl-wvr1300l firmware
- canonical/tp-link wvr1300l
- canonical/tp-link tl-wvr1750l firmware
- canonical/tp-link wvr1750l
- canonical/tp-link wvr2600l firmware
- canonical/tp-link wvr2600l
- canonical/tp-link wvr4300l firmware
- canonical/tp-link wr450l firmware
- canonical/tp-link tl-war450l firmware
- canonical/tp-link war458l firmware
- canonical/tp-link war458l
- canonical/tp-link wdr900l firmware
- canonical/tp-link war900l
- canonical/tp-link tl-war1200l firmware
- canonical/tp-link war1300l firmware
- canonical/tp-link war1300l
- canonical/tp-link war1750l firmware
- canonical/tp-link war2600l firmware
- canonical/tp-link archer war2600l