Vulnerability Name:

CVE-2017-15632 (CCN-137374)

Assigned:2017-10-19
Published:2018-01-10
Updated:2019-10-03
Summary:TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
CVSS v3 Severity:7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2017-15632

Source: CCN
Type: BugTraq Mailing List, Wed, 10 Jan 2018 11:44:46 GMT
Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)

Source: BUGTRAQ
Type: Exploit, Third Party Advisory, VDB Entry
20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)

Source: CCN
Type: TP-Link Web site
TP-Link

Source: XF
Type: UNKNOWN
tplink-cve201715632-command-exec(137374)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt

Vulnerable Configuration:Configuration 1:
  • cpe:/o:tp-link:er5110g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:er5110g:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:tp-link:er5120g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:er5120g:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:tp-link:er5510g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:er5510g:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:tp-link:er5520g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:er5520g:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:tp-link:r4149g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r4149g:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:tp-link:r4239g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r4239g:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:tp-link:r4299g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r4299g:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:tp-link:r473gp-ac_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r473gp-ac:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:tp-link:r473g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r473g:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:tp-link:r473p-ac_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r473p-ac:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:tp-link:r473_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r473:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:tp-link:r478g+_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r478g+:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:tp-link:r478_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r478:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:tp-link:r478+_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r478+:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:tp-link:r483g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r483g:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:tp-link:r483_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r483:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:tp-link:r488_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:r488:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:tp-link:war1300l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war1300l:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:tp-link:war1750l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war1750l:-:*:*:*:*:*:*:*

    • Configuration 20:
  • cpe:/o:tp-link:war2600l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war2600l:-:*:*:*:*:*:*:*

    • Configuration 21:
  • cpe:/o:tp-link:war302_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war302:-:*:*:*:*:*:*:*

    • Configuration 22:
  • cpe:/o:tp-link:war450l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war450l:-:*:*:*:*:*:*:*

    • Configuration 23:
  • cpe:/o:tp-link:war450_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war450:-:*:*:*:*:*:*:*

    • Configuration 24:
  • cpe:/o:tp-link:war458l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war458l:-:*:*:*:*:*:*:*

    • Configuration 25:
  • cpe:/o:tp-link:war458_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war458:-:*:*:*:*:*:*:*

    • Configuration 26:
  • cpe:/o:tp-link:war900l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:war900l:-:*:*:*:*:*:*:*

    • Configuration 27:
  • cpe:/o:tp-link:wvr1300g_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr1300g:-:*:*:*:*:*:*:*

    • Configuration 28:
  • cpe:/o:tp-link:wvr1300l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr1300l:-:*:*:*:*:*:*:*

    • Configuration 29:
  • cpe:/o:tp-link:wvr1750l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr1750l:-:*:*:*:*:*:*:*

    • Configuration 30:
  • cpe:/o:tp-link:wvr2600l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr2600l:-:*:*:*:*:*:*:*

    • Configuration 31:
  • cpe:/o:tp-link:wvr300_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr300:-:*:*:*:*:*:*:*

    • Configuration 32:
  • cpe:/o:tp-link:wvr302_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr302:-:*:*:*:*:*:*:*

    • Configuration 33:
  • cpe:/o:tp-link:wvr4300l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr4300l:-:*:*:*:*:*:*:*

    • Configuration 34:
  • cpe:/o:tp-link:wvr450l_firmware:1.0161125:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr450l:-:*:*:*:*:*:*:*

    • Configuration 35:
  • cpe:/o:tp-link:wvr450_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr450:-:*:*:*:*:*:*:*

    • Configuration 36:
  • cpe:/o:tp-link:wvr458l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr458l:-:*:*:*:*:*:*:*

    • Configuration 37:
  • cpe:/o:tp-link:wvr900g_firmware:3.0_170306:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr900g:-:*:*:*:*:*:*:*

    • Configuration 38:
  • cpe:/o:tp-link:wvr900l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:wvr900l:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:tp-link:er5110g:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:r4149g:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:war1300l:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    tp-link er5110g firmware -
    tp-link er5110g -
    tp-link er5120g firmware -
    tp-link er5120g -
    tp-link er5510g firmware -
    tp-link er5510g -
    tp-link er5520g firmware -
    tp-link er5520g -
    tp-link r4149g firmware -
    tp-link r4149g -
    tp-link r4239g firmware -
    tp-link r4239g -
    tp-link r4299g firmware -
    tp-link r4299g -
    tp-link r473gp-ac firmware -
    tp-link r473gp-ac -
    tp-link r473g firmware -
    tp-link r473g -
    tp-link r473p-ac firmware -
    tp-link r473p-ac -
    tp-link r473 firmware -
    tp-link r473 -
    tp-link r478g+ firmware -
    tp-link r478g+ -
    tp-link r478 firmware -
    tp-link r478 -
    tp-link r478+ firmware -
    tp-link r478+ -
    tp-link r483g firmware -
    tp-link r483g -
    tp-link r483 firmware -
    tp-link r483 -
    tp-link r488 firmware -
    tp-link r488 -
    tp-link war1300l firmware -
    tp-link war1300l -
    tp-link war1750l firmware -
    tp-link war1750l -
    tp-link war2600l firmware -
    tp-link war2600l -
    tp-link war302 firmware -
    tp-link war302 -
    tp-link war450l firmware -
    tp-link war450l -
    tp-link war450 firmware -
    tp-link war450 -
    tp-link war458l firmware -
    tp-link war458l -
    tp-link war458 firmware -
    tp-link war458 -
    tp-link war900l firmware -
    tp-link war900l -
    tp-link wvr1300g firmware -
    tp-link wvr1300g -
    tp-link wvr1300l firmware -
    tp-link wvr1300l -
    tp-link wvr1750l firmware -
    tp-link wvr1750l -
    tp-link wvr2600l firmware -
    tp-link wvr2600l -
    tp-link wvr300 firmware -
    tp-link wvr300 -
    tp-link wvr302 firmware -
    tp-link wvr302 -
    tp-link wvr4300l firmware -
    tp-link wvr4300l -
    tp-link wvr450l firmware 1.0161125
    tp-link wvr450l -
    tp-link wvr450 firmware -
    tp-link wvr450 -
    tp-link wvr458l firmware -
    tp-link wvr458l -
    tp-link wvr900g firmware 3.0_170306
    tp-link wvr900g -
    tp-link wvr900l firmware -
    tp-link wvr900l -
    tp-link er5110g -
    tp-link r4149g -
    tp-link war1300l -