TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
Configuration 18 [-]
| AND |
|
Configuration 19 [-]
| AND |
|
Configuration 20 [-]
| AND |
|
Configuration 21 [-]
| AND |
|
Configuration 22 [-]
| AND |
|
Configuration 23 [-]
| AND |
|
Configuration 24 [-]
| AND |
|
Configuration 25 [-]
| AND |
|
Configuration 26 [-]
| AND |
|
Configuration 27 [-]
| AND |
|
Configuration 28 [-]
| AND |
|
Configuration 29 [-]
| AND |
|
Configuration 30 [-]
| AND |
|
Configuration 31 [-]
| AND |
|
Configuration 32 [-]
| AND |
|
Configuration 33 [-]
| AND |
|
Configuration 34 [-]
| AND |
|
Configuration 35 [-]
| AND |
|
Configuration 36 [-]
| AND |
|
Configuration 37 [-]
| AND |
|
Configuration 38 [-]
| AND |
|
Configuration 39 [-]
| AND |
|
Configuration 40 [-]
| AND |
|
Configuration 41 [-]
| AND |
|
Configuration 42 [-]
| AND |
|
Configuration 43 [-]
| AND |
|
Configuration 44 [-]
| AND |
|
Configuration 45 [-]
| AND |
|
Configuration 46 [-]
| AND |
|
Configuration 47 [-]
| AND |
|
Configuration 48 [-]
| AND |
|
Configuration 49 [-]
| AND |
|
Configuration 50 [-]
| AND |
|
Configuration 51 [-]
| AND |
|
Configuration 52 [-]
| AND |
|
Configuration 53 [-]
| AND |
|
Configuration 54 [-]
| AND |
|
Configuration 55 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Tp-link
Subscribe
|
Tl-er3210g
Subscribe
Tl-er3210g Firmware
Subscribe
Tl-er3220g
Subscribe
Tl-er3220g Firmware
Subscribe
Tl-er5110g
Subscribe
Tl-er5110g Firmware
Subscribe
Tl-er5120g
Subscribe
Tl-er5120g Firmware
Subscribe
Tl-er5510g
Subscribe
Tl-er5510g Firmware
Subscribe
Tl-er5520g
Subscribe
Tl-er5520g Firmware
Subscribe
Tl-er6110g
Subscribe
Tl-er6110g Firmware
Subscribe
Tl-er6120g
Subscribe
Tl-er6120g Firmware
Subscribe
Tl-er6220g
Subscribe
Tl-er6220g Firmware
Subscribe
Tl-er6510g
Subscribe
Tl-er6510g Firmware
Subscribe
Tl-er6520g
Subscribe
Tl-er6520g Firmware
Subscribe
Tl-er7520g
Subscribe
Tl-er7520g Firmware
Subscribe
Tl-r4149g
Subscribe
Tl-r4149g Firmware
Subscribe
Tl-r4239g
Subscribe
Tl-r4239g Firmware
Subscribe
Tl-r4299g
Subscribe
Tl-r4299g Firmware
Subscribe
Tl-r473
Subscribe
Tl-r473 Firmware
Subscribe
Tl-r473g
Subscribe
Tl-r473g Firmware
Subscribe
Tl-r473gp-ac
Subscribe
Tl-r473p-ac
Subscribe
Tl-r473p-ac Firmware
Subscribe
Tl-r478
Subscribe
Tl-r478\+
Subscribe
Tl-r478\+ Firmware
Subscribe
Tl-r478 Firmware
Subscribe
Tl-r478g
Subscribe
Tl-r478g\+
Subscribe
Tl-r478g\+ Firmware
Subscribe
Tl-r478g Firmware
Subscribe
Tl-r479gp-ac
Subscribe
Tl-r479gp-ac Firmware
Subscribe
Tl-r479gpe-ac
Subscribe
Tl-r479gpe-ac Firmware
Subscribe
Tl-r479p-ac
Subscribe
Tl-r479p-ac Firmware
Subscribe
Tl-r483
Subscribe
Tl-r483 Firmware
Subscribe
Tl-r483g
Subscribe
Tl-r483g Firmware
Subscribe
Tl-r488
Subscribe
Tl-r488 Firmware
Subscribe
Tl-war1200l
Subscribe
Tl-war1200l Firmware
Subscribe
Tl-war1300g
Subscribe
Tl-war1300l
Subscribe
Tl-war1300l Firmware
Subscribe
Tl-war1750l
Subscribe
Tl-war1750l Firmware
Subscribe
Tl-war2600l
Subscribe
Tl-war2600l Firmware
Subscribe
Tl-war302
Subscribe
Tl-war302 Firmware
Subscribe
Tl-war450
Subscribe
Tl-war450 Firmware
Subscribe
Tl-war450l
Subscribe
Tl-war450l Firmware
Subscribe
Tl-war458
Subscribe
Tl-war458 Firmware
Subscribe
Tl-war458l
Subscribe
Tl-war458l Firmware
Subscribe
Tl-war900l
Subscribe
Tl-war900l Firmware
Subscribe
Tl-wvr1200l
Subscribe
Tl-wvr1200l Firmware
Subscribe
Tl-wvr1300g Firmware
Subscribe
Tl-wvr1300l
Subscribe
Tl-wvr1300l Firmware
Subscribe
Tl-wvr1750l
Subscribe
Tl-wvr1750l Firmware
Subscribe
Tl-wvr2600l
Subscribe
Tl-wvr300
Subscribe
Tl-wvr300 Firmware
Subscribe
Tl-wvr302
Subscribe
Tl-wvr302 Firmware
Subscribe
Tl-wvr4300l
Subscribe
Tl-wvr4300l Firmware
Subscribe
Tl-wvr450
Subscribe
Tl-wvr450 Firmware
Subscribe
Tl-wvr450g
Subscribe
Tl-wvr450g Firmware
Subscribe
Tl-wvr450l
Subscribe
Tl-wvr450l Firmware
Subscribe
Tl-wvr458
Subscribe
Tl-wvr458 Firmware
Subscribe
Tl-wvr458l
Subscribe
Tl-wvr458l Firmware
Subscribe
Tl-wvr458p
Subscribe
Tl-wvr458p Firmware
Subscribe
Tl-wvr900g
Subscribe
Tl-wvr900g Firmware
Subscribe
Tl-wvr900l
Subscribe
Tl-wvr900l Firmware
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2017-8126 | TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T20:43:57.829Z
Reserved: 2017-11-27T00:00:00
Link: CVE-2017-16957
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2017-11-27T10:29:00.440
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-16957
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses