CVE-2017-15613

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
tp-linker5110g_firmware
-
tp-linker5120g_firmware
-
tp-linker5510g_firmware
-
tp-linker5520g_firmware
-
tp-linkr4149g_firmware
-
tp-linkr4239g_firmware
-
tp-linkr4299g_firmware
-
tp-linkr473gp-ac_firmware
-
tp-linkr473g_firmware
-
tp-linkr473p-ac_firmware
-
tp-linkr473_firmware
-
tp-linkr478g\+_firmware
-
tp-linkr478_firmware
-
tp-linkr478\+_firmware
-
tp-linkr483g_firmware
-
tp-linkr483_firmware
-
tp-linkr488_firmware
-
tp-linkwar1300l_firmware
-
tp-linkwar1750l_firmware
-
tp-linkwar2600l_firmware
-
tp-linkwar302_firmware
-
tp-linkwar450l_firmware
-
tp-linkwar450_firmware
-
tp-linkwar458l_firmware
-
tp-linkwar458_firmware
-
tp-linkwar900l_firmware
-
tp-linkwvr1300g_firmware
-
tp-linkwvr1300l_firmware
-
tp-linkwvr1750l_firmware
-
tp-linkwvr2600l_firmware
-
tp-linkwvr300_firmware
-
tp-linkwvr302_firmware
-
tp-linkwvr4300l_firmware
-
tp-linkwvr450l_firmware
1.0161125
tp-linkwvr450_firmware
-
tp-linkwvr458l_firmware
-
tp-linkwvr900g_firmware
3.0_170306:_170306
tp-linkwvr900l_firmware
-
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/archive/1/541655/100/0/threaded
https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
http://www.securityfocus.com/archive/1/541655/100/0/threaded
https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt