Vulnerability CVE-2017-15636


Published: 2018-01-11

Description:
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Tp-link -> Er5110g firmware 
Tp-link -> R488 firmware 
Tp-link -> Wvr4300l firmware 
Tp-link -> Er5120g firmware 
Tp-link -> War1300l firmware 
Tp-link -> Wvr450 firmware 
Tp-link -> Er5510g firmware 
Tp-link -> War1750l firmware 
Tp-link -> Wvr450l firmware 
Tp-link -> Er5520g firmware 
Tp-link -> War2600l firmware 
Tp-link -> Wvr458l firmware 
Tp-link -> R4149g firmware 
Tp-link -> War302 firmware 
Tp-link -> Wvr900g firmware 
Tp-link -> R4239g firmware 
Tp-link -> War450 firmware 
Tp-link -> Wvr900l firmware 
Tp-link -> R4299g firmware 
Tp-link -> War450l firmware 
Tp-link -> R473 firmware 
Tp-link -> War458 firmware 
Tp-link -> R473g firmware 
Tp-link -> War458l firmware 
Tp-link -> R473gp-ac firmware 
Tp-link -> War900l firmware 
Tp-link -> R473p-ac firmware 
Tp-link -> Wvr1300g firmware 
Tp-link -> R478+ firmware 
Tp-link -> Wvr1300l firmware 
Tp-link -> R478 firmware 
Tp-link -> Wvr1750l firmware 
Tp-link -> R478g+ firmware 
Tp-link -> Wvr2600l firmware 
Tp-link -> R483 firmware 
Tp-link -> Wvr300 firmware 
Tp-link -> R483g firmware 
Tp-link -> Wvr302 firmware 

 References:
http://www.securityfocus.com/archive/1/541655/100/0/threaded
https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt

Copyright 2020, cxsecurity.com

 

Back to Top