CVE-2017-17757: OS Command Injection
First published: Tue Dec 19 2017(Updated: )
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Tl-wvr450l Firmware | ||
| Tp-link Tl-wvr450l | ||
| Tp-link Tl-wvr458l Firmware | ||
| Tp-link Tl-wvr458l | ||
| Tp-link Tl-wvr900l Firmware | ||
| Tp-link Tl-wvr900l | ||
| Tp-link Tl-wvr1200l Firmware | ||
| Tp-link Tl-wvr1200l | ||
| Tp-link Tl-wvr1300l Firmware | ||
| Tp-link Tl-wvr1300l | ||
| Tp-link Tl-wvr1750l Firmware | ||
| Tp-link Tl-wvr1750l | ||
| Tp-link Tl-wvr2600l Firmware | ||
| Tp-link Tl-wvr2600l | ||
| Tp-link Tl-wvr4300l Firmware | ||
| Tp-link Tl-wvr4300l | ||
| Tp-link Tl-war450l Firmware | ||
| Tp-link Tl-war450l | ||
| Tp-link Tl-war458l Firmware | ||
| Tp-link Tl-war458l | ||
| Tp-link Tl-war900l Firmware | ||
| Tp-link Tl-war900l | ||
| Tp-link Tl-war1200l Firmware | ||
| Tp-link Tl-war1200l | ||
| Tp-link Tl-war1300l Firmware | ||
| Tp-link Tl-war1300l | ||
| Tp-link Tl-war1750l Firmware | ||
| Tp-link Tl-war1750l | ||
| Tp-link Tl-war2600l Firmware | ||
| Tp-link Tl-war2600l |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2017-17757.
What devices are affected by this vulnerability?
TP-Link TL-WVR450L, TL-WVR458L, TL-WVR900L, TL-WVR1200L, TL-WVR1300L, TL-WVR1750L, TL-WVR2600L, TL-WVR4300L, TL-WAR450L, TL-WAR458L, TL-WAR900L, TL-WAR1200L, TL-WAR1300L, TL-WAR1750L, TL-WAR2600L devices are affected by this vulnerability.
How severe is CVE-2017-17757?
CVE-2017-17757 severity is critical with a score of 8.8.
How can I fix CVE-2017-17757?
There is currently no known fix or patch available for CVE-2017-17757. It is recommended to contact the vendor for further information.
Where can I find more information about CVE-2017-17757?
More information about CVE-2017-17757 can be found at this reference link: https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt
- collector/nvd-index
- vendor/tp-link
- canonical/tp-link tl-wvr450l firmware
- canonical/tp-link tl-wvr450l
- canonical/tp-link tl-wvr458l firmware
- canonical/tp-link tl-wvr458l
- canonical/tp-link tl-wvr900l firmware
- canonical/tp-link tl-wvr900l
- canonical/tp-link tl-wvr1200l firmware
- canonical/tp-link tl-wvr1200l
- canonical/tp-link tl-wvr1300l firmware
- canonical/tp-link tl-wvr1300l
- canonical/tp-link tl-wvr1750l firmware
- canonical/tp-link tl-wvr1750l
- canonical/tp-link tl-wvr2600l firmware
- canonical/tp-link tl-wvr2600l
- canonical/tp-link tl-wvr4300l firmware
- canonical/tp-link tl-wvr4300l
- canonical/tp-link tl-war450l firmware
- canonical/tp-link tl-war450l
- canonical/tp-link tl-war458l firmware
- canonical/tp-link tl-war458l
- canonical/tp-link tl-war900l firmware
- canonical/tp-link tl-war900l
- canonical/tp-link tl-war1200l firmware
- canonical/tp-link tl-war1200l
- canonical/tp-link tl-war1300l firmware
- canonical/tp-link tl-war1300l
- canonical/tp-link tl-war1750l firmware
- canonical/tp-link tl-war1750l
- canonical/tp-link tl-war2600l firmware
- canonical/tp-link tl-war2600l