CVE-2017-16960

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:tp-link:tl-er5510g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5510g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5520g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5520g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6120g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6520g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6520g:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4239g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4299g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478:v6:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478\+:v7:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g\+:v3:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r483:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r483g:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r488:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr300:v4:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr302:v2:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450g:v5:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr900g:v3:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr458p:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1300g:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:tp-link:tl-er3220g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:tp-link:tl-r473gp-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:17

Type Values Removed Values Added
References () https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt - Issue Tracking () https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt - Issue Tracking

Information

Published : 2017-11-27 10:29

Updated : 2024-11-21 03:17


NVD link : CVE-2017-16960

Mitre link : CVE-2017-16960

CVE.ORG link : CVE-2017-16960


JSON object : View

Products Affected

tp-link

  • tl-wvr450_firmware
  • tl-er5110g_firmware
  • tl-r488
  • tl-wvr900g
  • tl-wvr4300l_firmware
  • tl-wvr450l_firmware
  • tl-wvr2600l
  • tl-er5510g
  • tl-wvr1300g
  • tl-wvr900l_firmware
  • tl-r473gp-ac
  • tl-war458_firmware
  • tl-wvr2600l_firmware
  • tl-er3210g_firmware
  • tl-wvr1200l
  • tl-wvr1200l_firmware
  • tl-war1300l_firmware
  • tl-r483
  • tl-war1200l_firmware
  • tl-war900l_firmware
  • tl-war900l
  • tl-wvr458p_firmware
  • tl-wvr450l
  • tl-war1750l_firmware
  • tl-er3220g
  • tl-r473g
  • tl-wvr458p
  • tl-er6510g_firmware
  • tl-wvr4300l
  • tl-wvr450g
  • tl-war2600l
  • tl-er5120g_firmware
  • tl-wvr458_firmware
  • tl-wvr302
  • tl-er7520g_firmware
  • tl-war458
  • tl-er5110g
  • tl-war302
  • tl-r478g\+
  • tl-r483g
  • tl-er3220g_firmware
  • tl-r479p-ac_firmware
  • tl-r473p-ac_firmware
  • tl-war1200l
  • tl-r473p-ac
  • tl-er6220g_firmware
  • tl-war458l_firmware
  • tl-r479gp-ac_firmware
  • tl-r478g
  • tl-er6510g
  • tl-er6110g
  • tl-r478
  • tl-r479gp-ac
  • tl-r4149g
  • tl-r473
  • tl-war302_firmware
  • tl-wvr1300l_firmware
  • tl-war2600l_firmware
  • tl-er7520g
  • tl-war450l_firmware
  • tl-r4239g
  • tl-wvr1750l_firmware
  • tl-r4299g
  • tl-wvr450
  • tl-wvr1750l
  • tl-war1750l
  • tl-war450_firmware
  • tl-er6220g
  • tl-r479gpe-ac_firmware
  • tl-r478\+
  • tl-r479p-ac
  • tl-wvr458l
  • tl-r473g_firmware
  • tl-wvr458l_firmware
  • tl-er6120g
  • tl-wvr900l
  • tl-er5120g
  • tl-wvr1300l
  • tl-war450l
  • tl-r479gpe-ac
  • tl-er5520g
  • tl-r4149g_firmware
  • tl-war450
  • tl-er6520g
  • tl-wvr300
  • tl-wvr1300g_firmware
  • tl-er6110g_firmware
  • tl-war1300l
  • tl-er3210g
  • tl-war458l
  • tl-r473gp-ac_firmware
  • tl-r478g_firmware
  • tl-wvr458
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')