Vulnerability Name:

CVE-2017-17757 (CCN-136572)

Assigned: 2017-12-19
Published: 2017-12-19
Updated: 2019-10-03
Summary: TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.
CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
8.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
8.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-78
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2017-17757

Source: CCN
Type: TP-Link Web site
TP-Link Australia - WiFi Networking Equipment for Home & Business

Source: XF
Type: UNKNOWN
tplink-cve201717757-cmd-exec(136572)

Source: CCN
Type: Router-Vulnerability-Research GIT Repository
Tplink_LUCI_Wechat_Authenticated_RCE_Record

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txt

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-war450l:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-war458l:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-war900l:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-war450l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-war900l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-war458l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*
  • OR cpe:/h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    tp-link tl-wvr450l firmware -
    tp-link tl-wvr450l -
    tp-link tl-wvr458l firmware -
    tp-link tl-wvr458l -
    tp-link tl-wvr900l firmware -
    tp-link tl-wvr900l -
    tp-link tl-wvr1200l firmware -
    tp-link tl-wvr1200l -
    tp-link tl-wvr1300l firmware -
    tp-link tl-wvr1300l -
    tp-link tl-wvr1750l firmware -
    tp-link tl-wvr1750l -
    tp-link tl-wvr2600l firmware -
    tp-link tl-wvr2600l -
    tp-link tl-wvr4300l firmware -
    tp-link tl-wvr4300l -
    tp-link tl-war450l firmware -
    tp-link tl-war450l -
    tp-link tl-war458l firmware -
    tp-link tl-war458l -
    tp-link tl-war900l firmware -
    tp-link tl-war900l -
    tp-link tl-war1200l firmware -
    tp-link tl-war1200l -
    tp-link tl-war1300l firmware -
    tp-link tl-war1300l -
    tp-link tl-war1750l firmware -
    tp-link tl-war1750l -
    tp-link tl-war2600l firmware -
    tp-link tl-war2600l -
    tp-link tl-wvr4300l -
    tp-link tl-war2600l -
    tp-link tl-wvr450l -
    tp-link tl-wvr458l -
    tp-link tl-wvr900l -
    tp-link tl-wvr1200l -
    tp-link tl-wvr1300l -
    tp-link tl-wvr1750l -
    tp-link tl-wvr2600l -
    tp-link tl-war450l -
    tp-link tl-war900l -
    tp-link tl-war458l -
    tp-link tl-war1200l -
    tp-link tl-war1300l -
    tp-link tl-war1750l -