CVE-2017-16959 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Vendor	Product	Version
tp-link	tl-wvr300_firmware	-
tp-link	tl-wvr302_firmware	-
tp-link	tl-wvr450_firmware	-
tp-link	tl-wvr450l_firmware	-
tp-link	tl-wvr450g_firmware	-
tp-link	tl-wvr458_firmware	-
tp-link	tl-wvr458l_firmware	-
tp-link	tl-wvr458p_firmware	-
tp-link	tl-wvr900g_firmware	-
tp-link	tl-wvr900l_firmware	-
tp-link	tl-wvr1200l_firmware	-
tp-link	tl-wvr1300l_firmware	-
tp-link	tl-wvr1300g_firmware	-
tp-link	tl-wvr1750l_firmware	-
tp-link	tl-war2600l_firmware	-
tp-link	tl-wvr4300l_firmware	-
tp-link	tl-war302_firmware	-
tp-link	tl-war450_firmware	-
tp-link	tl-war450l_firmware	-
tp-link	tl-war458_firmware	-
tp-link	tl-war458l_firmware	-
tp-link	tl-war900l_firmware	-
tp-link	tl-war1200l_firmware	-
tp-link	tl-war1300l_firmware	-
tp-link	tl-war1750l_firmware	-
tp-link	tl-war2600l_firmware	-
tp-link	tl-er3210g_firmware	-
tp-link	tl-er3220g_firmware	-
tp-link	tl-er5110g_firmware	-
tp-link	tl-er5120g_firmware	-
tp-link	tl-er5510g_firmware	-
tp-link	tl-er5520g_firmware	-
tp-link	tl-er6110g_firmware	-
tp-link	tl-er6120g_firmware	-
tp-link	tl-er6220g_firmware	-
tp-link	tl-er6510g_firmware	-
tp-link	tl-er6520g_firmware	-
tp-link	tl-er7520g_firmware	-
tp-link	tl-r473_firmware	-
tp-link	tl-r473g_firmware	-
tp-link	tl-r473p-ac_firmware	-
tp-link	tl-r479gp-ac_firmware	-
tp-link	tl-r478_firmware	-
tp-link	tl-r478\+_firmware	-
tp-link	tl-r478g_firmware	-
tp-link	tl-r478g\+_firmware	-
tp-link	tl-r479p-ac_firmware	-
tp-link	tl-r479gp-ac_firmware	-
tp-link	tl-r479gpe-ac_firmware	-
tp-link	tl-r483_firmware	-
tp-link	tl-r483g_firmware	-
tp-link	tl-r488_firmware	-
tp-link	tl-r4149g_firmware	-
tp-link	tl-r4239g_firmware	-
tp-link	tl-r4299g_firmware	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt

https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt