Published: 11/01/2018 Updated: 03/10/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 802

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link er5110g_firmware -
tp-link er5120g_firmware -
tp-link er5510g_firmware -
tp-link er5520g_firmware -
tp-link r4149g_firmware -
tp-link r4239g_firmware -
tp-link r4299g_firmware -
tp-link r473gp-ac_firmware -
tp-link r473g_firmware -
tp-link r473p-ac_firmware -
tp-link r473_firmware -
tp-link r478g\\+_firmware -
tp-link r478_firmware -
tp-link r478\\+_firmware -
tp-link r483g_firmware -
tp-link r483_firmware -
tp-link r488_firmware -
tp-link war1300l_firmware -
tp-link war1750l_firmware -
tp-link war2600l_firmware -
tp-link war302_firmware -
tp-link war450l_firmware -
tp-link war450_firmware -
tp-link war458l_firmware -
tp-link war458_firmware -
tp-link war900l_firmware -
tp-link wvr1300g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr2600l_firmware -
tp-link wvr300_firmware -
tp-link wvr302_firmware -
tp-link wvr4300l_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link wvr450_firmware -
tp-link wvr458l_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link wvr900l_firmware -

Many TP-Link products suffer from multiple authenticated remote command injection vulnerabilities ...

NVD-CWE-noinfo https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt http://www.securityfocus.com/archive/1/541655/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/145823/TP-Link-Remote-Command-Injection.html

CVE-2017-15622

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect