Product:

Tl\-Wvr900l_firmware

(Tp\-Link)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 6
Date Id Summary Products Score Patch Annotated
2017-12-19 CVE-2017-17758 TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War450l_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr2600l_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr900l_firmware 8.8
2017-12-19 CVE-2017-17757 TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd. Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War450l_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr2600l_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr900l_firmware 8.8
2017-11-27 CVE-2017-16960 TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g, Tl\-Er5520g, Tl\-Er6110g_firmware, Tl\-Er6120g, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g, Tl\-R4299g, Tl\-R473, Tl\-R473g_firmware, Tl\-R473gp\-Ac_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478, Tl\-R478\+, Tl\-R478g\+, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483, Tl\-R483g, Tl\-R488, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr2600l_firmware, Tl\-Wvr300, Tl\-Wvr302, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g, Tl\-Wvr900l_firmware 8.8
2017-11-27 CVE-2017-16958 TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware 8.8
2017-11-27 CVE-2017-16957 TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware 8.8
2017-11-27 CVE-2017-16959 The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware 6.5