Strix
26.1K

CVE-2017-16957

UnknownEPSS 5.64%

Last modified

CVE-2017-16957 is a vulnerability of currently unknown severity. TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.. EPSS estimates a 5.64% chance of exploitation in the next 30 days.

Description

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.

Metrics

EPSS Probability
5.64%

92.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Tp-LinkTl-Wvr300 FirmwareAll versions
Tp-LinkTl-Wvr302 FirmwareAll versions
Tp-LinkTl-Wvr450 FirmwareAll versions
Tp-LinkTl-Wvr450l FirmwareAll versions
Tp-LinkTl-Wvr450g FirmwareAll versions
Tp-LinkTl-Wvr458 FirmwareAll versions
Tp-LinkTl-Wvr458l FirmwareAll versions
Tp-LinkTl-Wvr458p FirmwareAll versions
Tp-LinkTl-Wvr900g FirmwareAll versions
Tp-LinkTl-Wvr900l FirmwareAll versions
Tp-LinkTl-Wvr1200l FirmwareAll versions
Tp-LinkTl-Wvr1300l FirmwareAll versions
Tp-LinkTl-Wvr1300g FirmwareAll versions
Tp-LinkTl-Wvr1750l FirmwareAll versions
Tp-LinkTl-War2600l FirmwareAll versions
Tp-LinkTl-Wvr4300l FirmwareAll versions
Tp-LinkTl-War302 FirmwareAll versions
Tp-LinkTl-War450 FirmwareAll versions
Tp-LinkTl-War450l FirmwareAll versions
Tp-LinkTl-War458 FirmwareAll versions
Tp-LinkTl-War458l FirmwareAll versions
Tp-LinkTl-War900l FirmwareAll versions
Tp-LinkTl-War1200l FirmwareAll versions
Tp-LinkTl-War1300l FirmwareAll versions
Tp-LinkTl-War1750l FirmwareAll versions
Tp-LinkTl-Er3210g FirmwareAll versions
Tp-LinkTl-Er3220g FirmwareAll versions
Tp-LinkTl-Er5110g FirmwareAll versions
Tp-LinkTl-Er5120g FirmwareAll versions
Tp-LinkTl-Er5510g FirmwareAll versions
Tp-LinkTl-Er5520g FirmwareAll versions
Tp-LinkTl-Er6110g FirmwareAll versions
Tp-LinkTl-Er6120g FirmwareAll versions
Tp-LinkTl-Er6220g FirmwareAll versions
Tp-LinkTl-Er6510g FirmwareAll versions
Tp-LinkTl-Er6520g FirmwareAll versions
Tp-LinkTl-Er7520g FirmwareAll versions
Tp-LinkTl-R473 FirmwareAll versions
Tp-LinkTl-R473g FirmwareAll versions
Tp-LinkTl-R473p-Ac FirmwareAll versions
Tp-LinkTl-R479gp-Ac FirmwareAll versions
Tp-LinkTl-R478 FirmwareAll versions
Tp-LinkTl-R478\+ FirmwareAll versions
Tp-LinkTl-R478g FirmwareAll versions
Tp-LinkTl-R478g\+ FirmwareAll versions
Tp-LinkTl-R479p-Ac FirmwareAll versions
Tp-LinkTl-R479gpe-Ac FirmwareAll versions
Tp-LinkTl-R483 FirmwareAll versions
Tp-LinkTl-R483g FirmwareAll versions
Tp-LinkTl-R488 FirmwareAll versions

Showing 50 of 53 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-16957?
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
How severe is CVE-2017-16957?
Severity scoring for CVE-2017-16957 is pending analysis. The EPSS model estimates a 5.64% probability of exploitation in the next 30 days.
How do I fix CVE-2017-16957?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-16957?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST