CVE-2017-17757

Name: CVE-2017-17757
Creator: NVD / NIST
Published: 2017-12-19T07:29:00.2+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.74%

Last modified Jun 17, 2026

CVE-2017-17757 is a vulnerability of currently unknown severity. TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.. EPSS estimates a 2.74% chance of exploitation in the next 30 days.

Description

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

Metrics

EPSS Probability

2.74%

84.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Tp-Link	Tl-Wvr450l Firmware	All versions
Tp-Link	Tl-Wvr458l Firmware	All versions
Tp-Link	Tl-Wvr900l Firmware	All versions
Tp-Link	Tl-Wvr1200l Firmware	All versions
Tp-Link	Tl-Wvr1300l Firmware	All versions
Tp-Link	Tl-Wvr1750l Firmware	All versions
Tp-Link	Tl-Wvr2600l Firmware	All versions
Tp-Link	Tl-Wvr4300l Firmware	All versions
Tp-Link	Tl-War450l Firmware	All versions
Tp-Link	Tl-War458l Firmware	All versions
Tp-Link	Tl-War900l Firmware	All versions
Tp-Link	Tl-War1200l Firmware	All versions
Tp-Link	Tl-War1300l Firmware	All versions
Tp-Link	Tl-War1750l Firmware	All versions
Tp-Link	Tl-War2600l Firmware	All versions

References

https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txtExploit, Issue Tracking, Third Party Advisory
https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Wechat_Authenticated_RCE_Record.txtExploit, Issue Tracking, Third Party Advisory

Timeline

Published: Dec 19, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-17757?

How severe is CVE-2017-17757?

Severity scoring for CVE-2017-17757 is pending analysis. The EPSS model estimates a 2.74% probability of exploitation in the next 30 days.

How do I fix CVE-2017-17757?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-17757?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST