CVE-2017-16957 : TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.

Published 2017-11-27 10:29:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-16957

Tp-link » Tl-wvr450 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr450 » Version: N/A
Tp-link » Tl-wvr450l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr450l » Version: N/A
Tp-link » Tl-wvr458 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr458 » Version: N/A
Tp-link » Tl-wvr458l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr458l » Version: N/A
Tp-link » Tl-wvr458p Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr458p » Version: N/A
Tp-link » Tl-wvr900l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr900l » Version: N/A
Tp-link » Tl-wvr1200l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr1200l » Version: N/A
Tp-link » Tl-wvr1300l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr1300l » Version: N/A
Tp-link » Tl-wvr1300g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war1300g » Version: N/A
Tp-link » Tl-wvr1750l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr1750l » Version: N/A
Tp-link » Tl-wvr4300l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr4300l » Version: N/A
Tp-link » Tl-war302 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war302 » Version: N/A
Tp-link » Tl-war450 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war450 » Version: N/A
Tp-link » Tl-war450l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war450l » Version: N/A
Tp-link » Tl-war458 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war458 » Version: N/A
Tp-link » Tl-war458l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war458l » Version: N/A
Tp-link » Tl-war900l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war900l » Version: N/A
Tp-link » Tl-war1200l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war1200l » Version: N/A
Tp-link » Tl-war1300l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war1300l » Version: N/A
Tp-link » Tl-war1750l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-war1750l » Version: N/A
Tp-link » Tl-war2600l Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr2600l » Version: N/A
Tp-link » Tl-er3210g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er3210g » Version: N/A
Tp-link » Tl-er3220g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er3220g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er3220g » Version: N/A
Tp-link » Tl-er5110g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er5110g » Version: N/A
Tp-link » Tl-er5120g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er5120g » Version: N/A
Tp-link » Tl-er6110g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er6110g » Version: N/A
Tp-link » Tl-er6220g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er6220g » Version: N/A
Tp-link » Tl-er6510g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er6510g » Version: N/A
Tp-link » Tl-er7520g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er7520g » Version: N/A
Tp-link » Tl-r473g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r473g » Version: N/A
Tp-link » Tl-r473p-ac Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r473p-ac » Version: N/A
Tp-link » Tl-r478g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r478g » Version: N/A
Tp-link » Tl-r479p-ac Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r479p-ac » Version: N/A
Tp-link » Tl-r479gp-ac Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r473gp-ac » Version: N/A
Tp-link » Tl-r479gpe-ac Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r479gpe-ac » Version: N/A
Tp-link » Tl-r4149g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r4149g » Version: N/A
Tp-link » Tl-wvr300 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr300 » Version: N/A
Tp-link » Tl-wvr302 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr302 » Version: N/A
Tp-link » Tl-wvr450g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr450g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr450g » Version: N/A
Tp-link » Tl-wvr900g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-wvr900g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-wvr900g » Version: N/A
Tp-link » Tl-er5510g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er5510g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er5510g » Version: N/A
Tp-link » Tl-er5520g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er5520g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er5520g » Version: N/A
Tp-link » Tl-er6120g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er6120g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er6120g » Version: N/A
Tp-link » Tl-er6520g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-er6520g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-er6520g » Version: N/A
Tp-link » Tl-r473 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r473_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r473 » Version: N/A
Tp-link » Tl-r478 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r478_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r478 » Version: N/A
Tp-link » Tl-r478+ Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r478\+_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r478+ » Version: N/A
Tp-link » Tl-r478g+ Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r478g\+_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r478g+ » Version: N/A
Tp-link » Tl-r483 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r483_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r483 » Version: N/A
Tp-link » Tl-r483g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r483g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r483g » Version: N/A
Tp-link » Tl-r488 Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r488_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r488 » Version: N/A
Tp-link » Tl-r4239g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r4239g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r4239g » Version: N/A
Tp-link » Tl-r4299g Firmware » Version: N/A
cpe:2.3:o:tp-link:tl-r4299g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Tp-link » Tl-r4299g » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-16957

EPSS FAQ

3.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-16957

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-16957

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-16957

http://www.securityfocus.com/bid/101968

Multiple TP-Link Routers CVE-2017-16957 Command Injection Vulnerability
Third Party Advisory;VDB Entry
https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt

Wireless-Router-Vulnerability/TplinkDiagnosticAuthenticatedRCE.txt at master · coincoin7/Wireless-Router-Vulnerability · GitHub
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2017-16957

Products affected by CVE-2017-16957

Exploit prediction scoring system (EPSS) score for CVE-2017-16957

CVSS scores for CVE-2017-16957

CWE ids for CVE-2017-16957

References for CVE-2017-16957