|
2017-11-27
|
CVE-2017-16960
|
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
|
Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g, Tl\-Er5520g, Tl\-Er6110g_firmware, Tl\-Er6120g, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g, Tl\-R4299g, Tl\-R473, Tl\-R473g_firmware, Tl\-R473gp\-Ac_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478, Tl\-R478\+, Tl\-R478g\+, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483, Tl\-R483g, Tl\-R488, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr2600l_firmware, Tl\-Wvr300, Tl\-Wvr302, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g, Tl\-Wvr900l_firmware
|
8.8
|
|
|
|
2017-11-27
|
CVE-2017-16958
|
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
|
Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware
|
8.8
|
|
|
|
2017-11-27
|
CVE-2017-16957
|
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
|
Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware
|
8.8
|
|
|
|
2017-11-27
|
CVE-2017-16959
|
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
|
Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware
|
6.5
|
|
|