9

CVE-2017-16960

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

Data is provided by the National Vulnerability Database (NVD)
Tp-linkTl-er5510g Versionv2
Tp-linkTl-er5510g Versionv3
Tp-linkTl-er5520g Versionv2
Tp-linkTl-er5520g Versionv3
Tp-linkTl-er6120g Versionv2
Tp-linkTl-er6520g Versionv2
Tp-linkTl-er6520g Versionv3
Tp-linkTl-r4239g Versionv2
Tp-linkTl-r4299g Versionv2
Tp-linkTl-r473 Versionv5
Tp-linkTl-r478 Versionv6
Tp-linkTl-r483 Versionv5
Tp-linkTl-r483g Versionv2
Tp-linkTl-r488 Versionv5
Tp-linkTl-wvr300 Versionv4
Tp-linkTl-wvr302 Versionv2
Tp-linkTl-wvr450g Versionv5
Tp-linkTl-wvr900g Versionv3
Tp-linkTl-wvr450 Firmware Version-
   Tp-linkTl-wvr450 Version-
Tp-linkTl-wvr450l Firmware Version-
   Tp-linkTl-wvr450l Version-
Tp-linkTl-wvr458 Firmware Version-
   Tp-linkTl-wvr458 Version-
Tp-linkTl-wvr458l Firmware Version-
   Tp-linkTl-wvr458l Version-
Tp-linkTl-wvr900l Firmware Version-
   Tp-linkTl-wvr900l Version-
Tp-linkTl-wvr1200l Firmware Version-
   Tp-linkTl-wvr1200l Version-
Tp-linkTl-wvr1300l Firmware Version-
   Tp-linkTl-wvr1300l Version-
Tp-linkTl-wvr1300g Firmware Version-
   Tp-linkTl-wvr1300g Version-
Tp-linkTl-wvr1750l Firmware Version-
   Tp-linkTl-wvr1750l Version-
Tp-linkTl-wvr2600l Firmware Version-
   Tp-linkTl-wvr2600l Version-
Tp-linkTl-wvr4300l Firmware Version-
   Tp-linkTl-wvr4300l Version-
Tp-linkTl-war302 Firmware Version-
   Tp-linkTl-war302 Version-
Tp-linkTl-war450 Firmware Version-
   Tp-linkTl-war450 Version-
Tp-linkTl-war450l Firmware Version-
   Tp-linkTl-war450l Version-
Tp-linkTl-war458 Firmware Version-
   Tp-linkTl-war458 Version-
Tp-linkTl-war458l Firmware Version-
   Tp-linkTl-war458l Version-
Tp-linkTl-war900l Firmware Version-
   Tp-linkTl-war900l Version-
Tp-linkTl-war1200l Firmware Version-
   Tp-linkTl-war1200l Version-
Tp-linkTl-war1300l Firmware Version-
   Tp-linkTl-war1300l Version-
Tp-linkTl-war1750l Firmware Version-
   Tp-linkTl-war1750l Version-
Tp-linkTl-war2600l Firmware Version-
   Tp-linkTl-war2600l Version-
Tp-linkTl-er3210g Firmware Version-
   Tp-linkTl-er3210g Version-
Tp-linkTl-er5110g Firmware Version-
   Tp-linkTl-er5110g Version-
Tp-linkTl-er5120g Firmware Version-
   Tp-linkTl-er5120g Version-
Tp-linkTl-er6110g Firmware Version-
   Tp-linkTl-er6110g Version-
Tp-linkTl-er6220g Firmware Version-
   Tp-linkTl-er6220g Version-
Tp-linkTl-er6510g Firmware Version-
   Tp-linkTl-er6510g Version-
Tp-linkTl-er7520g Firmware Version-
   Tp-linkTl-er7520g Version-
Tp-linkTl-r473g Firmware Version-
   Tp-linkTl-r473g Version-
Tp-linkTl-r473p-ac Firmware Version-
   Tp-linkTl-r473p-ac Version-
Tp-linkTl-r473gp-ac Firmware Version-
   Tp-linkTl-r473gp-ac Version-
Tp-linkTl-r478g Firmware Version-
   Tp-linkTl-r478g Version-
Tp-linkTl-r478g Firmware Version-
   Tp-linkTl-r478g Version-
Tp-linkTl-r479p-ac Firmware Version-
   Tp-linkTl-r479p-ac Version-
Tp-linkTl-r479gp-ac Firmware Version-
   Tp-linkTl-r479gp-ac Version-
Tp-linkTl-r479gpe-ac Firmware Version-
   Tp-linkTl-r479gpe-ac Version-
Tp-linkTl-r4149g Firmware Version-
   Tp-linkTl-r4149g Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.86% 0.741
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.