Vulnerability Details CVE-2017-15618
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
- http://www.securityfocus.com/archive/1/541655/100/0/threaded
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
- http://www.securityfocus.com/archive/1/541655/100/0/threaded
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
Products affected by CVE-2017-15618
-
cpe:2.3:h:tp-link:er5110g:-
-
cpe:2.3:h:tp-link:er5120g:-
-
cpe:2.3:h:tp-link:er5510g:-
-
cpe:2.3:h:tp-link:er5520g:-
-
cpe:2.3:h:tp-link:r4149g:-
-
cpe:2.3:h:tp-link:r4239g:-
-
cpe:2.3:h:tp-link:r4299g:-
-
cpe:2.3:h:tp-link:r473:-
-
cpe:2.3:h:tp-link:r473g:-
-
cpe:2.3:h:tp-link:r473gp-ac:-
-
cpe:2.3:h:tp-link:r473p-ac:-
-
cpe:2.3:h:tp-link:r478+:-
-
cpe:2.3:h:tp-link:r478:-
-
cpe:2.3:h:tp-link:r478g+:-
-
cpe:2.3:h:tp-link:r483:-
-
cpe:2.3:h:tp-link:r483g:-
-
cpe:2.3:h:tp-link:r488:-
-
cpe:2.3:h:tp-link:war1300l:-
-
cpe:2.3:h:tp-link:war1750l:-
-
cpe:2.3:h:tp-link:war2600l:-
-
cpe:2.3:h:tp-link:war302:-
-
cpe:2.3:h:tp-link:war450:-
-
cpe:2.3:h:tp-link:war450l:-
-
cpe:2.3:h:tp-link:war458:-
-
cpe:2.3:h:tp-link:war458l:-
-
cpe:2.3:h:tp-link:war900l:-
-
cpe:2.3:h:tp-link:wvr1300g:-
-
cpe:2.3:h:tp-link:wvr1300l:-
-
cpe:2.3:h:tp-link:wvr1750l:-
-
cpe:2.3:h:tp-link:wvr2600l:-
-
cpe:2.3:h:tp-link:wvr300:-
-
cpe:2.3:h:tp-link:wvr302:-
-
cpe:2.3:h:tp-link:wvr4300l:-
-
cpe:2.3:h:tp-link:wvr450:-
-
cpe:2.3:h:tp-link:wvr450l:-
-
cpe:2.3:h:tp-link:wvr458l:-
-
cpe:2.3:h:tp-link:wvr900g:-
-
cpe:2.3:h:tp-link:wvr900l:-
-
cpe:2.3:o:tp-link:er5110g_firmware:-
-
cpe:2.3:o:tp-link:er5120g_firmware:-
-
cpe:2.3:o:tp-link:er5510g_firmware:-
-
cpe:2.3:o:tp-link:er5520g_firmware:-
-
cpe:2.3:o:tp-link:r4149g_firmware:-
-
cpe:2.3:o:tp-link:r4239g_firmware:-
-
cpe:2.3:o:tp-link:r4299g_firmware:-
-
cpe:2.3:o:tp-link:r473_firmware:-
-
cpe:2.3:o:tp-link:r473g_firmware:-
-
cpe:2.3:o:tp-link:r473gp-ac_firmware:-
-
cpe:2.3:o:tp-link:r473p-ac_firmware:-
-
cpe:2.3:o:tp-link:r478+_firmware:-
-
cpe:2.3:o:tp-link:r478_firmware:-
-
cpe:2.3:o:tp-link:r478g+_firmware:-
-
cpe:2.3:o:tp-link:r483_firmware:-
-
cpe:2.3:o:tp-link:r483g_firmware:-
-
cpe:2.3:o:tp-link:r488_firmware:-
-
cpe:2.3:o:tp-link:war1300l_firmware:-
-
cpe:2.3:o:tp-link:war1750l_firmware:-
-
cpe:2.3:o:tp-link:war2600l_firmware:-
-
cpe:2.3:o:tp-link:war302_firmware:-
-
cpe:2.3:o:tp-link:war450_firmware:-
-
cpe:2.3:o:tp-link:war450l_firmware:-
-
cpe:2.3:o:tp-link:war458_firmware:-
-
cpe:2.3:o:tp-link:war458l_firmware:-
-
cpe:2.3:o:tp-link:war900l_firmware:-
-
cpe:2.3:o:tp-link:wvr1300g_firmware:-
-
cpe:2.3:o:tp-link:wvr1300l_firmware:-
-
cpe:2.3:o:tp-link:wvr1750l_firmware:-
-
cpe:2.3:o:tp-link:wvr2600l_firmware:-
-
cpe:2.3:o:tp-link:wvr300_firmware:-
-
cpe:2.3:o:tp-link:wvr302_firmware:-
-
cpe:2.3:o:tp-link:wvr4300l_firmware:-
-
cpe:2.3:o:tp-link:wvr450_firmware:-
-
cpe:2.3:o:tp-link:wvr450l_firmware:1.0161125
-
cpe:2.3:o:tp-link:wvr458l_firmware:-
-
cpe:2.3:o:tp-link:wvr900g_firmware:3.0_170306
-
cpe:2.3:o:tp-link:wvr900l_firmware:-