TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
|
Tp-link
Subscribe
|
Er5110g
Subscribe
Er5110g Firmware
Subscribe
Er5120g
Subscribe
Er5120g Firmware
Subscribe
Er5510g
Subscribe
Er5510g Firmware
Subscribe
Er5520g
Subscribe
Er5520g Firmware
Subscribe
R4149g
Subscribe
R4149g Firmware
Subscribe
R4239g
Subscribe
R4239g Firmware
Subscribe
R4299g
Subscribe
R4299g Firmware
Subscribe
R473
Subscribe
R473 Firmware
Subscribe
R473g
Subscribe
R473g Firmware
Subscribe
R473gp-ac
Subscribe
R473gp-ac Firmware
Subscribe
R473p-ac
Subscribe
R473p-ac Firmware
Subscribe
R478
Subscribe
R478\+
Subscribe
R478\+ Firmware
Subscribe
R478 Firmware
Subscribe
R478g\+
Subscribe
R478g\+ Firmware
Subscribe
R483
Subscribe
R483 Firmware
Subscribe
R483g
Subscribe
R483g Firmware
Subscribe
R488
Subscribe
R488 Firmware
Subscribe
War1300l
Subscribe
War1300l Firmware
Subscribe
War1750l
Subscribe
War1750l Firmware
Subscribe
War2600l
Subscribe
War2600l Firmware
Subscribe
War302
Subscribe
War302 Firmware
Subscribe
War450
Subscribe
War450 Firmware
Subscribe
War450l
Subscribe
War450l Firmware
Subscribe
War458
Subscribe
War458 Firmware
Subscribe
War458l
Subscribe
War458l Firmware
Subscribe
War900l
Subscribe
War900l Firmware
Subscribe
Wvr1300g
Subscribe
Wvr1300g Firmware
Subscribe
Wvr1300l
Subscribe
Wvr1300l Firmware
Subscribe
Wvr1750l
Subscribe
Wvr1750l Firmware
Subscribe
Wvr2600l
Subscribe
Wvr2600l Firmware
Subscribe
Wvr300
Subscribe
Wvr300 Firmware
Subscribe
Wvr302
Subscribe
Wvr302 Firmware
Subscribe
Wvr4300l
Subscribe
Wvr4300l Firmware
Subscribe
Wvr450
Subscribe
Wvr450 Firmware
Subscribe
Wvr450l
Subscribe
Wvr450l Firmware
Subscribe
Wvr458l
Subscribe
Wvr458l Firmware
Subscribe
Wvr900g
Subscribe
Wvr900g Firmware
Subscribe
Wvr900l
Subscribe
Wvr900l Firmware
Subscribe
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
Configuration 18 [-]
| AND |
|
Configuration 19 [-]
| AND |
|
Configuration 20 [-]
| AND |
|
Configuration 21 [-]
| AND |
|
Configuration 22 [-]
| AND |
|
Configuration 23 [-]
| AND |
|
Configuration 24 [-]
| AND |
|
Configuration 25 [-]
| AND |
|
Configuration 26 [-]
| AND |
|
Configuration 27 [-]
| AND |
|
Configuration 28 [-]
| AND |
|
Configuration 29 [-]
| AND |
|
Configuration 30 [-]
| AND |
|
Configuration 31 [-]
| AND |
|
Configuration 32 [-]
| AND |
|
Configuration 33 [-]
| AND |
|
Configuration 34 [-]
| AND |
|
Configuration 35 [-]
| AND |
|
Configuration 36 [-]
| AND |
|
Configuration 37 [-]
| AND |
|
Configuration 38 [-]
| AND |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2017-7067 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T19:57:27.362Z
Reserved: 2017-10-19T00:00:00
Link: CVE-2017-15616
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-11T16:29:00.547
Modified: 2024-11-21T03:14:51.893
Link: CVE-2017-15616
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses