CVE-2017-16959
Last modified
CVE-2017-16959 is a vulnerability of currently unknown severity. The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.. EPSS estimates a 1.91% chance of exploitation in the next 30 days.
Description
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wvr300 Firmware | All versions |
| Tp-Link | Tl-Wvr302 Firmware | All versions |
| Tp-Link | Tl-Wvr450 Firmware | All versions |
| Tp-Link | Tl-Wvr450l Firmware | All versions |
| Tp-Link | Tl-Wvr450g Firmware | All versions |
| Tp-Link | Tl-Wvr458 Firmware | All versions |
| Tp-Link | Tl-Wvr458l Firmware | All versions |
| Tp-Link | Tl-Wvr458p Firmware | All versions |
| Tp-Link | Tl-Wvr900g Firmware | All versions |
| Tp-Link | Tl-Wvr900l Firmware | All versions |
| Tp-Link | Tl-Wvr1200l Firmware | All versions |
| Tp-Link | Tl-Wvr1300l Firmware | All versions |
| Tp-Link | Tl-Wvr1300g Firmware | All versions |
| Tp-Link | Tl-Wvr1750l Firmware | All versions |
| Tp-Link | Tl-War2600l Firmware | All versions |
| Tp-Link | Tl-Wvr4300l Firmware | All versions |
| Tp-Link | Tl-War302 Firmware | All versions |
| Tp-Link | Tl-War450 Firmware | All versions |
| Tp-Link | Tl-War450l Firmware | All versions |
| Tp-Link | Tl-War458 Firmware | All versions |
| Tp-Link | Tl-War458l Firmware | All versions |
| Tp-Link | Tl-War900l Firmware | All versions |
| Tp-Link | Tl-War1200l Firmware | All versions |
| Tp-Link | Tl-War1300l Firmware | All versions |
| Tp-Link | Tl-War1750l Firmware | All versions |
| Tp-Link | Tl-Er3210g Firmware | All versions |
| Tp-Link | Tl-Er3220g Firmware | All versions |
| Tp-Link | Tl-Er5110g Firmware | All versions |
| Tp-Link | Tl-Er5120g Firmware | All versions |
| Tp-Link | Tl-Er5510g Firmware | All versions |
| Tp-Link | Tl-Er5520g Firmware | All versions |
| Tp-Link | Tl-Er6110g Firmware | All versions |
| Tp-Link | Tl-Er6120g Firmware | All versions |
| Tp-Link | Tl-Er6220g Firmware | All versions |
| Tp-Link | Tl-Er6510g Firmware | All versions |
| Tp-Link | Tl-Er6520g Firmware | All versions |
| Tp-Link | Tl-Er7520g Firmware | All versions |
| Tp-Link | Tl-R473 Firmware | All versions |
| Tp-Link | Tl-R473g Firmware | All versions |
| Tp-Link | Tl-R473p-Ac Firmware | All versions |
| Tp-Link | Tl-R479gp-Ac Firmware | All versions |
| Tp-Link | Tl-R478 Firmware | All versions |
| Tp-Link | Tl-R478\+ Firmware | All versions |
| Tp-Link | Tl-R478g Firmware | All versions |
| Tp-Link | Tl-R478g\+ Firmware | All versions |
| Tp-Link | Tl-R479p-Ac Firmware | All versions |
| Tp-Link | Tl-R479gpe-Ac Firmware | All versions |
| Tp-Link | Tl-R483 Firmware | All versions |
| Tp-Link | Tl-R483g Firmware | All versions |
| Tp-Link | Tl-R488 Firmware | All versions |
Showing 50 of 53 affected configurations. See NVD for the full list.
References
- https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txtExploit, Third Party Advisory
- https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txtExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-16959?
How severe is CVE-2017-16959?
How do I fix CVE-2017-16959?
Are you affected by CVE-2017-16959?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST