Details of VAR-E-201712-0467

ID

VAR-E-201712-0467

CVE

cve_id:

CVE-2017-17758

Trust: 0.3

sources: BID: 102259

TITLE

Multiple TP-Link Devices CVE-2017-17758 Arbitrary Command Execution Vulnerability

Trust: 0.3

sources: BID: 102259

DESCRIPTION

Multiple TP-Link Devices are prone to a remote arbitrary command-execution vulnerability.
An attacker can exploit this issue to execute arbitrary commands in context of the affected application.

Trust: 0.3

sources: BID: 102259

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wvr900g	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr458p	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr458l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr458	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr450l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr450g	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr450	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr4300l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr302	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr300	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr2600l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr1750l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr1300l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr1300g	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-wvr1200l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war900l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war458l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war458	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war450l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war450	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war302	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war2600l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war1750l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war1300l	scope:	eq	version:	Trust: 0.3
vendor:	tp link	model:	tl-war1200l	scope:	eq	version:	Trust: 0.3

sources: BID: 102259

EXPLOIT

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Trust: 0.3

sources: BID: 102259

PRICE

Free

Trust: 0.3

sources: BID: 102259

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 102259

CREDITS

Zhaoxin Li, Chengdu Tongjin Middle School.

Trust: 0.3

sources: BID: 102259

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17758	Trust: 0.3
db:	BID	id:	102259	Trust: 0.3

sources: BID: 102259

REFERENCES

url:	https://github.com/l1zhaoxin/router-vulnerability-research/blob/master/tplink_luci_dhcps_authenticated_rce_record.txt	Trust: 0.3
url:	http://www.tp-link.com/en/	Trust: 0.3

sources: BID: 102259

SOURCES

db:

BID

id:

102259

LAST UPDATE DATE

2022-07-27T09:32:20.941000+00:00

SOURCES UPDATE DATE

db:

BID

id:

102259

date:

2017-12-19T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

102259

date:

2017-12-19T00:00:00