Search criteria
3 vulnerabilities found for tl-r473 by tp-link
FKIE_CVE-2017-16960
Vulnerability from fkie_nvd - Published: 2017-11-27 10:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "D24328C0-9611-4789-93B5-B60268A58238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5510g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D6B49A-76DE-4F4D-8769-6B57F0F07FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "F462B7E8-30CA-43B7-B0AD-6BFF31390FB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er5520g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CDB038-0534-472F-8900-1209E460B3AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6120g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "78E2DC44-0319-4268-8912-25AD0F9FE867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "E523045C-0C72-4C15-A777-CD80D01C9C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-er6520g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "024E082F-16C4-4393-9B7D-60B2C0BC8FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r4239g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEC78BE-3E4A-40D8-8064-A5B05AE50341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r4299g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "53D70E3D-9214-4446-AFE1-31F6B9AE5F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r473:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DA7575-DE2E-4025-8FD5-403EE32C516F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478:v6:*:*:*:*:*:*:*",
"matchCriteriaId": "0D854EDA-5393-43CA-B088-6132EE0550F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478\\+:v7:*:*:*:*:*:*:*",
"matchCriteriaId": "E85E0A1B-A7AF-4E29-A7CE-B48B4D41EC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g\\+:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5A5A9E-8D88-4AFE-8EB9-F7196C934923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r483:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "65C14007-6D98-4F55-9D7B-6B14E951DA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r483g:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "986C07E3-9DE4-485B-BC5E-67F266C6E5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-r488:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEFEFB8-AED4-4C83-86D3-CE9502C5B36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr300:v4:*:*:*:*:*:*:*",
"matchCriteriaId": "A96652E8-10EA-4B5E-BD64-1853672696B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr302:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE70EF0-508C-4F34-829C-0B30FAA96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450g:v5:*:*:*:*:*:*:*",
"matchCriteriaId": "473671D0-D0C9-4D36-AE5E-E63A5EBA0C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900g:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "8344CA75-15D5-4106-80DF-4772C1C0D3B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F740E87-DEB3-4DD7-90A0-08FF079F7242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA306AC-0231-4359-8794-BFA81D085410",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB72835B-95E0-4C65-997C-6FE3656F5584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFD8A41-3C39-4DB4-B908-ED65AB27BDB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "982AFFBC-52BC-4921-87BB-8F0F1C31558C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B867C51B-FD51-40E1-BFFC-A9DA8A3606B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1583550-1D76-45E8-89A9-CD1D843BB93E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F85C46-24B2-498E-AB6F-6329EF0F3B84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr458p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3557E-AA91-4123-847A-79BB67A6571D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr458p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F47FC91-5861-465F-BF05-8C666B818722",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F26DA2D7-B242-49D7-A54D-E8F4E8D9E1CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C4F2B2-F886-43ED-A29D-20865AA31B55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "403F67A7-7E54-4255-9838-CDD6B9AA8266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE9545C-EC9B-47B0-BEA9-3B2D5109F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BFFF84-D7E5-475B-99E6-C93E3844CA4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBBB236-C33A-4FD7-888F-0BA9EB162B9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1300g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19D9121-35E3-479C-BE19-7E67DA2332C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1300g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D45A711-B6FD-48A4-B455-286F80DE221B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A6D7B7-781F-4F3C-B9B8-0C02BD7894F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7087925-7984-44DD-A20A-8B3C87802E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB1C13D-F1B7-40E4-8C70-3DBFBF17671B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2896BBB8-BA92-4B36-9BB7-E9397CDBB545",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C817C4-0B32-402D-909A-1DC9CA39DA1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wvr4300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E532F4-3E42-4C9F-A01A-E7EFB7B48804",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE1FA23-A3C7-4F9D-B466-624448BDC9B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FD7E97-3478-4F42-BB4A-5A1E1DD53877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DAF676-8D9B-4689-A6AD-189E44161410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A167020D-FEB5-42E0-8815-B7F2501D6C65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF8DEA2-F7D4-4ADC-B1F6-78A21CC75181",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war450l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4F2966-FD95-4B94-A7FB-8021782AD170",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7355D93-F480-4E24-A0CD-CAC3AADE454F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D950C88-8CAA-430A-A5BB-B65E4FF13074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC78CAB2-0C24-4FF8-B758-AADDB3F24989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war458l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBD997E-88FC-4D23-B762-331A63A29C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4D9E7B-E147-4F80-8CD9-D49B023EEBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war900l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AB3B41-D8B1-4A0C-A5DD-5254D96D0655",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A26160-2484-4517-B223-40A329DAEDFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1200l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72F6A8BD-0012-48FA-B5D0-A6F03097FEA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0BCD4-BE7E-4E30-8D41-5BB30EDD1F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1300l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6AE4D9-A750-4770-A07A-FC87DCA4E840",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87876AD9-B258-4E8E-ABF6-6704F6EEE468",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war1750l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E888A70B-984E-4D7C-B324-2F0E9C8E57C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CD25BA-4D2F-46FE-B73B-DBFEC70F16CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-war2600l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4EF035-D38D-478C-BCAA-EE96EBEC9D80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3210g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FECE364D-6F3C-4378-9D26-03C551F8CF54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3210g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B525A04A-6596-482F-82B6-46B61B9D6F84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er3220g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FA6F6-2417-47D9-A4B8-E764C052A723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er3220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23FA7-5DB6-4F61-B925-C027769DDAB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE6F205-6017-4855-9D3A-CCCAAF4CD326",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F14A9A-4134-4569-ACB9-DFB23D7DBB86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er5120g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD2CC06-2AC5-4D79-8DAB-B4D4DDEB659C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er5120g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB0E248-0844-4F67-B014-0D91097D2892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6110g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "504894B1-8B2B-40D3-B242-2451649FCEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6110g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDF4CBE-1393-4FA3-BEC5-D70DA65FEDAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6220g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C871734-EAEC-4E7B-A846-1BF63E6D5061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6220g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91196457-19D1-4A9D-93CF-31A90CA72B18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er6510g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF6DB66-3477-4BF6-A61D-6208B33CA00A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er6510g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "531FB326-A000-4E69-86FC-8BC6C3B93401",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-er7520g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2885417-FA1E-46DA-A674-7ACAECD38DF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-er7520g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D607F-B64A-4E11-AA80-15CF41818FB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1B1DAE-DEFF-4D88-AE89-81C7B9EEA262",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAADD27-C0F7-42E0-AA3F-EA1B0E711D30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A207AE5-DE94-4EBF-B755-B2341FA569B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C69293-1D3F-4965-A464-1820D5DC16C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r473gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5E70455-DFCC-49C1-9754-0422DB8AB12C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r473gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB4A127-4E83-47B5-B101-3AB12D7484B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r478g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0AA0C7-21F6-4059-A622-3274F3C666D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r478g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC48B20-C2B6-445D-9563-488BA4F7A8F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479p-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E568C0-E4DF-4FDD-B8DB-327247EAAE14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479p-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE38ED07-6E35-4836-95B3-9B20D6D6A6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gp-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F175E34-8561-40EB-A299-A38F03F5B6CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gp-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D3D6F5-F551-41A3-8756-CD276D935C5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r479gpe-ac_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "026AD2C7-73E8-44AD-A9EE-F21386F88246",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r479gpe-ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9891A83F-56E5-421B-A0DC-65B5B0A82979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-r4149g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1235A816-60EC-4979-838B-C3E825475758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-r4149g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E999611-39E1-48C1-99CB-581FF0451FD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
},
{
"lang": "es",
"value": "Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo t_bindif de un comando admin/interface en cgi-bin/luci. Esto se relaciona con la funci\u00f3n get_device_byif en /usr/lib/lua/luci/controller/admin/interface.lua en uhttpd."
}
],
"id": "CVE-2017-16960",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-16960 (GCVE-0-2017-16960)
Vulnerability from cvelistv5 – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16960",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16960 (GCVE-0-2017-16960)
Vulnerability from nvd – Published: 2017-11-27 10:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt",
"refsource": "MISC",
"url": "https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkInterfaceAuthenticatedRCE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16960",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}