Details of VAR-201801-0394

ID

VAR-201801-0394

CVE

CVE-2017-15613

TITLE

TP-Link WVR, WAR, and ER device arbitrary command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-01916

DESCRIPTION

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. TP-LinkWVR, WAR and ERdevices are different series of router products from China TP-LINK. Security vulnerabilities exist in TP-LinkWVR, WAR, and ER devices

Trust: 5.13

sources: NVD: CVE-2017-15613 // CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02032 // CNVD: CNVD-2018-02028 // CNVD: CNVD-2018-02027 // CNVD: CNVD-2018-02033 // CNVD: CNVD-2018-02038 // CNVD: CNVD-2018-02037 // VULHUB: VHN-106474 // VULHUB: VHN-106475 // VULHUB: VHN-106453 // VULHUB: VHN-106463 // VULHUB: VHN-106468

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 4.2

AFFECTED PRODUCTS

vendor:	tp link	model:	er	scope:	-	version:	-	Trust: 4.2
vendor:	tp link	model:	wvr	scope:	-	version:	-	Trust: 4.2
vendor:	tp link	model:	war	scope:	-	version:	-	Trust: 4.2
vendor:	tp link	model:	wvr900l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr900g	scope:	eq	version:	3.0_170306	Trust: 1.6
vendor:	tp link	model:	wvr4300l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr2600l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr450l	scope:	eq	version:	1.0161125	Trust: 1.6
vendor:	tp link	model:	wvr450	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr300	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr458l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr1750l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr302	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	r473g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4149g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war1300l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war450l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4239g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478\+	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war458l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5120g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473gp-ac	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war302	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war2600l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4299g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war1750l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r488	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478g\+	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5110g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war900l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr1300g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473p-ac	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5520g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r483g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war458	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr1300l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r483	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war450	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5510g	scope:	eq	version:	-	Trust: 1.0

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15613
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2018-01916
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02032
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02028
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02027
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02033
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02038
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02037
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201801-431
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106474
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106475
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106453
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106463
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106468
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15613
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2018-01916
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02032
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02028
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02027
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02033
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02038
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02037
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106474
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106475
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106453
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106463
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106468
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15613
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02032 // CNVD: CNVD-2018-02028 // CNVD: CNVD-2018-02027 // CNVD: CNVD-2018-02033 // CNVD: CNVD-2018-02038 // CNVD: CNVD-2018-02037 // VULHUB: VHN-106474 // VULHUB: VHN-106475 // VULHUB: VHN-106453 // VULHUB: VHN-106463 // VULHUB: VHN-106468 // CNNVD: CNNVD-201801-431 // NVD: CVE-2017-15613

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-77	Trust: 0.5

sources: VULHUB: VHN-106474 // VULHUB: VHN-106475 // VULHUB: VHN-106453 // VULHUB: VHN-106463 // VULHUB: VHN-106468 // NVD: CVE-2017-15613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-431

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201801-431

PATCH

title:	TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/114425	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02032)	url:	https://www.cnvd.org.cn/patchInfo/show/114575	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02028)	url:	https://www.cnvd.org.cn/patchInfo/show/114567	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02027)	url:	https://www.cnvd.org.cn/patchInfo/show/114565	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02033)	url:	https://www.cnvd.org.cn/patchInfo/show/114577	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02038)	url:	https://www.cnvd.org.cn/patchInfo/show/114587	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02037)	url:	https://www.cnvd.org.cn/patchInfo/show/114585	Trust: 0.6
title:	TP-Link WVR , WAR and ER Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77685	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15613	Trust: 6.3
db:	CNNVD	id:	CNNVD-201801-431	Trust: 0.7
db:	CNVD	id:	CNVD-2018-01916	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02032	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02028	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02027	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02033	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02038	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02037	Trust: 0.6
db:	CNNVD	id:	CNNVD-201710-899	Trust: 0.1
db:	VULHUB	id:	VHN-106474	Trust: 0.1
db:	CNNVD	id:	CNNVD-201710-898	Trust: 0.1
db:	VULHUB	id:	VHN-106475	Trust: 0.1
db:	PACKETSTORM	id:	145823	Trust: 0.1
db:	VULHUB	id:	VHN-106453	Trust: 0.1
db:	CNNVD	id:	CNNVD-201710-909	Trust: 0.1
db:	VULHUB	id:	VHN-106463	Trust: 0.1
db:	CNNVD	id:	CNNVD-201710-904	Trust: 0.1
db:	VULHUB	id:	VHN-106468	Trust: 0.1

REFERENCES

url:	https://github.com/chunibalon/vulnerability/blob/master/cve-2017-15613_to_cve-2017-15637.txt	Trust: 5.7
url:	http://www.securityfocus.com/archive/1/archive/1/541655/100/0/threaded	Trust: 3.6
url:	http://www.securityfocus.com/archive/1/541655/100/0/threaded	Trust: 2.1
url:	http://seclists.org/bugtraq/2018/jan/31	Trust: 0.6

SOURCES

db:	CNVD	id:	CNVD-2018-01916
db:	CNVD	id:	CNVD-2018-02032
db:	CNVD	id:	CNVD-2018-02028
db:	CNVD	id:	CNVD-2018-02027
db:	CNVD	id:	CNVD-2018-02033
db:	CNVD	id:	CNVD-2018-02038
db:	CNVD	id:	CNVD-2018-02037
db:	VULHUB	id:	VHN-106474
db:	VULHUB	id:	VHN-106475
db:	VULHUB	id:	VHN-106453
db:	VULHUB	id:	VHN-106463
db:	VULHUB	id:	VHN-106468
db:	CNNVD	id:	CNNVD-201801-431
db:	NVD	id:	CVE-2017-15613

LAST UPDATE DATE

2025-06-26T23:10:25.197000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01916	date:	2018-01-25T00:00:00
db:	CNVD	id:	CNVD-2018-02032	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02028	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02027	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02033	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02038	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02037	date:	2018-01-26T00:00:00
db:	VULHUB	id:	VHN-106474	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106475	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106453	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106463	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106468	date:	2019-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201801-431	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-15613	date:	2024-11-21T03:14:51.303

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-01916	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02032	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02028	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02027	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02033	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02038	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02037	date:	2018-01-12T00:00:00
db:	VULHUB	id:	VHN-106474	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106475	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106453	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106463	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106468	date:	2018-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201801-431	date:	2018-01-12T00:00:00
db:	NVD	id:	CVE-2017-15613	date:	2018-01-11T16:29:00.407