Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-16960

Опубликовано: 27 нояб. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 9
EPSS Низкий

Описание

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:tp-link:tl-er5510g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5510g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5520g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5520g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6120g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6520g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6520g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4239g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4299g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478:v6:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478\+:v7:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g\+:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r483:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r483g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r488:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr300:v4:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr302:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450g:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr900g:v3:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458p:*:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*
Конфигурация 9

Одновременно

cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*
Конфигурация 10

Одновременно

cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1300g:-:*:*:*:*:*:*:*
Конфигурация 11

Одновременно

cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*
Конфигурация 12

Одновременно

cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*
Конфигурация 13

Одновременно

cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*
Конфигурация 14

Одновременно

cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*
Конфигурация 15

Одновременно

cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*
Конфигурация 16

Одновременно

cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*
Конфигурация 17

Одновременно

cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*
Конфигурация 18

Одновременно

cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*
Конфигурация 19

Одновременно

cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*
Конфигурация 20

Одновременно

cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*
Конфигурация 21

Одновременно

cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*
Конфигурация 22

Одновременно

cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*
Конфигурация 23

Одновременно

cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*
Конфигурация 24

Одновременно

cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*
Конфигурация 25

Одновременно

cpe:2.3:o:tp-link:tl-er3220g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*
Конфигурация 26

Одновременно

cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*
Конфигурация 27

Одновременно

cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*
Конфигурация 28

Одновременно

cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*
Конфигурация 29

Одновременно

cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*
Конфигурация 30

Одновременно

cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*
Конфигурация 31

Одновременно

cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*
Конфигурация 32

Одновременно

cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*
Конфигурация 33

Одновременно

cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*
Конфигурация 34

Одновременно

cpe:2.3:o:tp-link:tl-r473gp-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*
Конфигурация 35

Одновременно

cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*
Конфигурация 36

Одновременно

cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*
Конфигурация 37

Одновременно

cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*
Конфигурация 38

Одновременно

cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*
Конфигурация 39

Одновременно

cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*
Конфигурация 40

Одновременно

cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.00864
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

github логотип

GHSA-vm48-97cm-q78p

CVSS3: 8.8
github
больше 3 лет назад

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

EPSS

Процентиль: 75%
0.00864
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78