Search criteria
21 vulnerabilities found for tl-er5120g_firmware by tp-link
FKIE_CVE-2023-43135
Vulnerability from fkie_nvd - Published: 2023-09-20 22:15 - Updated: 2024-11-21 08:23
Severity ?
Summary
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tl-er5120g_firmware | 2.0.0 | |
| tp-link | tl-er5120g | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*",
"matchCriteriaId": "A2B4D738-CDCE-4028-9E4D-79513861A6BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DB8458-AF43-4317-804C-378552E528A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de acceso no autorizado en TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, que permite a los atacantes obtener informaci\u00f3n sensible del dispositivo sin autenticaci\u00f3n, obtener tokens de usuario y, en \u00faltima instancia, iniciar sesi\u00f3n en la administraci\u00f3n del backend del dispositivo."
}
],
"id": "CVE-2023-43135",
"lastModified": "2024-11-21T08:23:45.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-20T22:15:13.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-43137
Vulnerability from fkie_nvd - Published: 2023-09-20 20:15 - Updated: 2024-11-21 08:23
Severity ?
Summary
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tl-er5120g_firmware | 2.0.0 | |
| tp-link | tl-er5120g | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*",
"matchCriteriaId": "A2B4D738-CDCE-4028-9E4D-79513861A6BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DB8458-AF43-4317-804C-378552E528A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points."
},
{
"lang": "es",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n tiene una vulnerabilidad de inyecci\u00f3n de comandos, cuando un atacante agrega reglas ACL despu\u00e9s de la autenticaci\u00f3n y el par\u00e1metro de nombre de regla tiene puntos de inyecci\u00f3n."
}
],
"id": "CVE-2023-43137",
"lastModified": "2024-11-21T08:23:45.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-20T20:15:12.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-43138
Vulnerability from fkie_nvd - Published: 2023-09-20 20:15 - Updated: 2024-11-21 08:23
Severity ?
Summary
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tp-link | tl-er5120g_firmware | 2.0.0 | |
| tp-link | tl-er5120g | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:2.0.0:build_210817:*:*:*:*:*:*",
"matchCriteriaId": "A2B4D738-CDCE-4028-9E4D-79513861A6BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7DB8458-AF43-4317-804C-378552E528A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point."
},
{
"lang": "es",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n tiene una vulnerabilidad de inyecci\u00f3n de comandos, cuando un atacante agrega reglas NAPT despu\u00e9s de la autenticaci\u00f3n y el nombre de la regla tiene un punto de inyecci\u00f3n."
}
],
"id": "CVE-2023-43138",
"lastModified": "2024-11-21T08:23:45.900",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-20T20:15:12.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16960
Vulnerability from fkie_nvd - Published: 2017-11-27 10:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "D24328C0-9611-4789-93B5-B60268A58238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D6B49A-76DE-4F4D-8769-6B57F0F07FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "F462B7E8-30CA-43B7-B0AD-6BFF31390FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CDB038-0534-472F-8900-1209E460B3AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "78E2DC44-0319-4268-8912-25AD0F9FE867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E523045C-0C72-4C15-A777-CD80D01C9C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "024E082F-16C4-4393-9B7D-60B2C0BC8FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEC78BE-3E4A-40D8-8064-A5B05AE50341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "53D70E3D-9214-4446-AFE1-31F6B9AE5F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DA7575-DE2E-4025-8FD5-403EE32C516F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "0D854EDA-5393-43CA-B088-6132EE0550F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:v7:*:*:*:*:*:*:*",
"matchCriteriaId": "E85E0A1B-A7AF-4E29-A7CE-B48B4D41EC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5A5A9E-8D88-4AFE-8EB9-F7196C934923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "65C14007-6D98-4F55-9D7B-6B14E951DA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "986C07E3-9DE4-485B-BC5E-67F266C6E5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEFEFB8-AED4-4C83-86D3-CE9502C5B36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "A96652E8-10EA-4B5E-BD64-1853672696B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE70EF0-508C-4F34-829C-0B30FAA96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "473671D0-D0C9-4D36-AE5E-E63A5EBA0C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8344CA75-15D5-4106-80DF-4772C1C0D3B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F47FC91-5861-465F-BF05-8C666B818722",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D45A711-B6FD-48A4-B455-286F80DE221B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB1C13D-F1B7-40E4-8C70-3DBFBF17671B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FA6F6-2417-47D9-A4B8-E764C052A723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E70455-DFCC-49C1-9754-0422DB8AB12C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo t_bindif de un comando admin/interface en cgi-bin/luci. Esto se relaciona con la funci\u00f3n get_device_byif en /usr/lib/lua/luci/controller/admin/interface.lua en uhttpd."
}
],
"id": "CVE-2017-16960",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16958
Vulnerability from fkie_nvd - Published: 2017-11-27 10:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDDAFFA-F3A4-4B22-A4A1-E1490116F253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D08E9-5E86-4007-9ABA-1A3DEE54DEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD6098D-9452-4ADA-96F9-A7A6E9B63551",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52299E24-CBCA-49F8-90FD-D1D8E21D78FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17DD853-7548-4037-A4F4-E93F4E667829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B9526-0627-4DF2-8273-E51A4595AA9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C676B3-372D-4247-995A-FF025F32FDD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7137CE99-9E89-4E49-A1F4-4458D723B4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10038567-EC6B-40CA-94A5-302D37956EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B71C67-E001-4722-8B51-A4BB3B6ED841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C32F019-BC0A-4BD4-8DE7-59C8FFEAC943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAAB2CB-8519-435A-8AA9-58D87BB3F50E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38918CA2-1DA6-4167-9442-F61AA3A468CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241C9669-8C6A-48D4-92D6-618828968B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A0CE7-DF8D-4875-870F-0C511CE4350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181C9C-4B60-4108-A414-6F2DEC8B2AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAC5781-46C5-4377-A558-6FA575611E29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E8F807-DF8E-46FF-864C-127853898595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F823CD5-ABBD-41DD-9BB7-93208A3558B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBB8783-8C6F-4492-9F71-560925E7A011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E26F55-3EFF-4EF6-A78E-637F846DC81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96C62FAE-1F41-497D-B165-1A472E8311A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572D875D-6EE8-4FF7-88B6-E44CFA1DEA5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD88F070-5506-466E-B886-587A161143A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79E0F546-6FF6-4E7B-9776-B6E6722E6673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFF23D6-775E-45F5-B25F-64DDCFABA456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDAB34C-0C90-44E3-9B6B-2B4AFD5EB1C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F749A0-3A0A-4C63-8068-EC378A02C63E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BC0024-4F65-4DA2-A5AB-E843466AF79B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB95CB-10D9-4BE0-AD4C-093984A1D1C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25742B52-BE00-4BFA-BD0A-B366F12E8829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r488_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5983B67B-609F-4127-AEBD-5AF7E486034E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DBB40A-A190-4398-A4C8-DF042767A317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4239g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00708B72-B811-4711-8CB5-F2916C2572CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE46823-8AB2-40B1-9765-37F645147218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4299g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EEA260-A8AE-4B6E-A452-680F21A1206E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D112855-1041-479E-ABCC-CEB0BCFDF651",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo t_bindif de un comando admin/bridge en cgi-bin/luci. Esto se relaciona con la funci\u00f3n get_device_byif en /usr/lib/lua/luci/controller/admin/bridge.lua en uhttpd."
}
],
"id": "CVE-2017-16958",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16959
Vulnerability from fkie_nvd - Published: 2017-11-27 10:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDDAFFA-F3A4-4B22-A4A1-E1490116F253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D08E9-5E86-4007-9ABA-1A3DEE54DEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD6098D-9452-4ADA-96F9-A7A6E9B63551",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52299E24-CBCA-49F8-90FD-D1D8E21D78FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17DD853-7548-4037-A4F4-E93F4E667829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B9526-0627-4DF2-8273-E51A4595AA9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C676B3-372D-4247-995A-FF025F32FDD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7137CE99-9E89-4E49-A1F4-4458D723B4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10038567-EC6B-40CA-94A5-302D37956EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B71C67-E001-4722-8B51-A4BB3B6ED841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C32F019-BC0A-4BD4-8DE7-59C8FFEAC943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAAB2CB-8519-435A-8AA9-58D87BB3F50E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38918CA2-1DA6-4167-9442-F61AA3A468CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241C9669-8C6A-48D4-92D6-618828968B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A0CE7-DF8D-4875-870F-0C511CE4350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181C9C-4B60-4108-A414-6F2DEC8B2AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAC5781-46C5-4377-A558-6FA575611E29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E8F807-DF8E-46FF-864C-127853898595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F823CD5-ABBD-41DD-9BB7-93208A3558B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBB8783-8C6F-4492-9F71-560925E7A011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E26F55-3EFF-4EF6-A78E-637F846DC81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96C62FAE-1F41-497D-B165-1A472E8311A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572D875D-6EE8-4FF7-88B6-E44CFA1DEA5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD88F070-5506-466E-B886-587A161143A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79E0F546-6FF6-4E7B-9776-B6E6722E6673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFF23D6-775E-45F5-B25F-64DDCFABA456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDAB34C-0C90-44E3-9B6B-2B4AFD5EB1C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F749A0-3A0A-4C63-8068-EC378A02C63E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BC0024-4F65-4DA2-A5AB-E843466AF79B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB95CB-10D9-4BE0-AD4C-093984A1D1C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25742B52-BE00-4BFA-BD0A-B366F12E8829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r488_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5983B67B-609F-4127-AEBD-5AF7E486034E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DBB40A-A190-4398-A4C8-DF042767A317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4239g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00708B72-B811-4711-8CB5-F2916C2572CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE46823-8AB2-40B1-9765-37F645147218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4299g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EEA260-A8AE-4B6E-A452-680F21A1206E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D112855-1041-479E-ABCC-CEB0BCFDF651",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
},
{
"lang": "es",
"value": "La caracter\u00edstica locale en cgi-bin/luci en dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permite que usuarios autenticados remotos examinen la existencia de archivos arbitrarios haciendo una petici\u00f3n operation=write;locale=%0d y, a continuaci\u00f3n, haciendo una petici\u00f3n operation=read con una cabecera HTTP Accept-Language manipulada. Esto se relaciona con las funciones set_sysinfo y get_sysinfo en /usr/lib/lua/luci/controller/locale.lua en uhttpd."
}
],
"id": "CVE-2017-16959",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16957
Vulnerability from fkie_nvd - Published: 2017-11-27 10:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/101968 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101968 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDDAFFA-F3A4-4B22-A4A1-E1490116F253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D08E9-5E86-4007-9ABA-1A3DEE54DEAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD6098D-9452-4ADA-96F9-A7A6E9B63551",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52299E24-CBCA-49F8-90FD-D1D8E21D78FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E17DD853-7548-4037-A4F4-E93F4E667829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B9526-0627-4DF2-8273-E51A4595AA9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C676B3-372D-4247-995A-FF025F32FDD4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7137CE99-9E89-4E49-A1F4-4458D723B4B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10038567-EC6B-40CA-94A5-302D37956EE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B71C67-E001-4722-8B51-A4BB3B6ED841",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C32F019-BC0A-4BD4-8DE7-59C8FFEAC943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAAB2CB-8519-435A-8AA9-58D87BB3F50E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38918CA2-1DA6-4167-9442-F61AA3A468CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "241C9669-8C6A-48D4-92D6-618828968B43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A0CE7-DF8D-4875-870F-0C511CE4350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181C9C-4B60-4108-A414-6F2DEC8B2AD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAC5781-46C5-4377-A558-6FA575611E29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E8F807-DF8E-46FF-864C-127853898595",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F823CD5-ABBD-41DD-9BB7-93208A3558B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBB8783-8C6F-4492-9F71-560925E7A011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E26F55-3EFF-4EF6-A78E-637F846DC81A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96C62FAE-1F41-497D-B165-1A472E8311A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:-:*:*:*:*:*:*:*",
"matchCriteriaId": "572D875D-6EE8-4FF7-88B6-E44CFA1DEA5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD88F070-5506-466E-B886-587A161143A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79E0F546-6FF6-4E7B-9776-B6E6722E6673",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g\\+_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFF23D6-775E-45F5-B25F-64DDCFABA456",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDAB34C-0C90-44E3-9B6B-2B4AFD5EB1C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F749A0-3A0A-4C63-8068-EC378A02C63E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32BC0024-4F65-4DA2-A5AB-E843466AF79B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r483g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21EB95CB-10D9-4BE0-AD4C-093984A1D1C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25742B52-BE00-4BFA-BD0A-B366F12E8829",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r488_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5983B67B-609F-4127-AEBD-5AF7E486034E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DBB40A-A190-4398-A4C8-DF042767A317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4239g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00708B72-B811-4711-8CB5-F2916C2572CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE46823-8AB2-40B1-9765-37F645147218",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4299g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94EEA260-A8AE-4B6E-A452-680F21A1206E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D112855-1041-479E-ABCC-CEB0BCFDF651",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo iface de un comando admin/diagnostic en cgi-bin/luci. Esto se relaciona con la funci\u00f3n zone_get_effect_devices en /usr/lib/lua/luci/controller/admin/diagnostic.lua en uhttpd."
}
],
"id": "CVE-2017-16957",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-43137 (GCVE-0-2023-43137)
Vulnerability from cvelistv5 – Published: 2023-09-20 00:00 – Updated: 2024-09-25 14:28
VLAI?
Summary
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tplink:tl-er5120g:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-er5120g",
"vendor": "tplink",
"versions": [
{
"status": "affected",
"version": "4.0_2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:48:31.869357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:28:00.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T19:13:31.248288",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43137",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2023-09-18T00:00:00",
"dateUpdated": "2024-09-25T14:28:00.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43138 (GCVE-0-2023-43138)
Vulnerability from cvelistv5 – Published: 2023-09-20 00:00 – Updated: 2024-09-25 13:46
VLAI?
Summary
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tplink:tl-er5120g:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-er5120g",
"vendor": "tplink",
"versions": [
{
"status": "affected",
"version": "4.0_2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43138",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:42:32.677425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:46:50.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T19:25:52.218299",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43138",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2023-09-18T00:00:00",
"dateUpdated": "2024-09-25T13:46:50.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43135 (GCVE-0-2023-43135)
Vulnerability from cvelistv5 – Published: 2023-09-20 00:00 – Updated: 2024-09-25 14:14
VLAI?
Summary
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tp-link:er5120g:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "er5120g",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "4.0_2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:13:16.296522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:14:11.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T21:13:17.210802",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43135",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2023-09-18T00:00:00",
"dateUpdated": "2024-09-25T14:14:11.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16959 (GCVE-0-2017-16959)
Vulnerability from cvelistv5 – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16959",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16960 (GCVE-0-2017-16960)
Vulnerability from cvelistv5 – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16960",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16958 (GCVE-0-2017-16958)
Vulnerability from cvelistv5 – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16958",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16957 (GCVE-0-2017-16957)
Vulnerability from cvelistv5 – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-29T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101968"
},
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16957",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43137 (GCVE-0-2023-43137)
Vulnerability from nvd – Published: 2023-09-20 00:00 – Updated: 2024-09-25 14:28
VLAI?
Summary
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tplink:tl-er5120g:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-er5120g",
"vendor": "tplink",
"versions": [
{
"status": "affected",
"version": "4.0_2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:48:31.869357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:28:00.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T19:13:31.248288",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43137",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2023-09-18T00:00:00",
"dateUpdated": "2024-09-25T14:28:00.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43138 (GCVE-0-2023-43138)
Vulnerability from nvd – Published: 2023-09-20 00:00 – Updated: 2024-09-25 13:46
VLAI?
Summary
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tplink:tl-er5120g:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-er5120g",
"vendor": "tplink",
"versions": [
{
"status": "affected",
"version": "4.0_2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43138",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T13:42:32.677425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T13:46:50.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T19:25:52.218299",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/02/command%20injection02.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43138",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2023-09-18T00:00:00",
"dateUpdated": "2024-09-25T13:46:50.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43135 (GCVE-0-2023-43135)
Vulnerability from nvd – Published: 2023-09-20 00:00 – Updated: 2024-09-25 14:14
VLAI?
Summary
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tp-link:er5120g:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "er5120g",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "4.0_2.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:13:16.296522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:14:11.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T21:13:17.210802",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/unauthorized%20access/Unauthorized%20Access%20Vulnerability.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43135",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2023-09-18T00:00:00",
"dateUpdated": "2024-09-25T14:14:11.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16959 (GCVE-0-2017-16959)
Vulnerability from nvd – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16959",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16960 (GCVE-0-2017-16960)
Vulnerability from nvd – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16960",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16958 (GCVE-0-2017-16958)
Vulnerability from nvd – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16958",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16957 (GCVE-0-2017-16957)
Vulnerability from nvd – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:57.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-29T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101968"
},
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16957",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:57.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}