CVE-2017-16960

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-16960
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt Issue Tracking
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:tp-link:tl-er5510g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5510g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5520g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5520g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6120g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6520g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6520g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4239g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4299g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478:v6:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478\+:v7:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g\+:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r483:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r483g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r488:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr300:v4:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr302:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450g:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr900g:v3:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458p:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1300g:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:tp-link:tl-er3220g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:tp-link:tl-r473gp-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2017-11-27 10:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-16960

Mitre link : CVE-2017-16960

CVE.ORG link : CVE-2017-16960

JSON object : View

Products Affected

tp-link

  • tl-war458l_firmware
  • tl-r478g_firmware
  • tl-er5120g_firmware
  • tl-wvr900l_firmware
  • tl-wvr1300g
  • tl-wvr4300l
  • tl-er3210g
  • tl-war458_firmware
  • tl-r479gpe-ac
  • tl-wvr4300l_firmware
  • tl-wvr458
  • tl-wvr2600l_firmware
  • tl-wvr2600l
  • tl-r473gp-ac_firmware
  • tl-war302
  • tl-er5110g_firmware
  • tl-war900l_firmware
  • tl-er7520g_firmware
  • tl-wvr450l_firmware
  • tl-wvr458_firmware
  • tl-war302_firmware
  • tl-war450l_firmware
  • tl-wvr302
  • tl-wvr450_firmware
  • tl-war450l
  • tl-wvr1750l
  • tl-r478
  • tl-war1200l
  • tl-war458l
  • tl-r473g
  • tl-r4149g_firmware
  • tl-r478\+
  • tl-war900l
  • tl-wvr1300g_firmware
  • tl-r4149g
  • tl-r473g_firmware
  • tl-er5110g
  • tl-r479p-ac
  • tl-wvr450
  • tl-wvr458l_firmware
  • tl-er6510g_firmware
  • tl-er3210g_firmware
  • tl-r473p-ac_firmware
  • tl-er6220g
  • tl-wvr458p_firmware
  • tl-er6520g
  • tl-er5520g
  • tl-er5120g
  • tl-wvr900g
  • tl-wvr1200l_firmware
  • tl-war2600l
  • tl-r478g
  • tl-war458
  • tl-r479gp-ac
  • tl-r473p-ac
  • tl-war1750l_firmware
  • tl-wvr450l
  • tl-wvr1200l
  • tl-er5510g
  • tl-wvr1300l_firmware
  • tl-r4239g
  • tl-er3220g_firmware
  • tl-r473gp-ac
  • tl-r473
  • tl-er3220g
  • tl-wvr458l
  • tl-er6120g
  • tl-r488
  • tl-wvr458p
  • tl-er6510g
  • tl-war450_firmware
  • tl-r478g\+
  • tl-wvr1750l_firmware
  • tl-r4299g
  • tl-war1300l
  • tl-wvr1300l
  • tl-r483
  • tl-war1300l_firmware
  • tl-er6220g_firmware
  • tl-r479gp-ac_firmware
  • tl-er7520g
  • tl-r483g
  • tl-r479gpe-ac_firmware
  • tl-war2600l_firmware
  • tl-war450
  • tl-wvr300
  • tl-wvr900l
  • tl-war1750l
  • tl-war1200l_firmware
  • tl-er6110g
  • tl-er6110g_firmware
  • tl-wvr450g
  • tl-r479p-ac_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')