First published: Tue Dec 19 2017(Updated: )
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tp-link Wvr450l Firmware | ||
TP-Link WVR450L | ||
TP-Link TL-WVR458L | ||
TP-Link TL-WVR458L Firmware | ||
TP-Link WVR900L Firmware | ||
TP-Link WVR900L Firmware | ||
TP-Link TL-WVR1200L | ||
TP-Link TL-WVR1200L Firmware | ||
TP-Link WVR1300L Firmware | ||
TP-Link WVR1300L | ||
TP-Link TL-WVR1750L Firmware | ||
TP-Link WVR1750L | ||
Tp-link Wvr2600l Firmware | ||
TP-Link WVR2600L | ||
TP-Link WVR4300L Firmware | ||
TP-Link WVR4300L Firmware | ||
TP-Link WR450L Firmware | ||
TP-Link TL-WAR450L Firmware | ||
TP-Link WAR458L Firmware | ||
TP-Link WAR458L | ||
TP-Link WDR900L Firmware | ||
TP-Link WAR900L | ||
TP-Link TL-WAR1200L Firmware | ||
TP-Link TL-WAR1200L Firmware | ||
TP-Link WAR1300L Firmware | ||
TP-Link WAR1300L | ||
TP-Link WAR1750L Firmware | ||
TP-Link WAR1750L Firmware | ||
Tp-link War2600l Firmware | ||
TP-Link Archer WAR2600L |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2017-17758.
The severity of CVE-2017-17758 is critical with a score of 8.8.
TP-Link TL-WVR and TL-WAR devices are affected.
Remote authenticated users can exploit CVE-2017-17758 by executing arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci.
The fix for CVE-2017-17758 is not mentioned in the provided information.