ID

VAR-201801-0394


CVE

CVE-2017-15613


TITLE

TP-Link WVR, WAR, and ER device arbitrary command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-01916

DESCRIPTION

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. TP-Link WVR, WAR and ER devices are different series of router products from TP-LINK of China. Security vulnerabilities exist in TP-Link WVR, WAR, and ER devices.

Trust: 2.25

sources: NVD: CVE-2017-15613 // CNVD: CNVD-2018-01916 // VULHUB: VHN-106479 // VULHUB: VHN-106470 // VULHUB: VHN-106474 // VULHUB: VHN-106476 // VULHUB: VHN-106453 // VULHUB: VHN-106454 // VULHUB: VHN-106459 // VULHUB: VHN-106465 // VULHUB: VHN-106468

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-01916

AFFECTED PRODUCTS

vendor: tp link, model: wvr900l, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: wvr900g, scope: eq, version: 3.0_170306

Trust: 1.6

vendor: tp link, model: wvr4300l, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: wvr2600l, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: wvr450l, scope: eq, version: 1.0161125

Trust: 1.6

vendor: tp link, model: wvr450, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: wvr300, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: wvr458l, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: wvr1750l, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: wvr302, scope: eq, version: -

Trust: 1.6

vendor: tp link, model: r473g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r4149g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war1300l, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war450l, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r4239g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r478+, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war458l, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r478, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: er5120g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r473gp-ac, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war302, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war2600l, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r4299g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war1750l, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r488, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r478g+, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: er5110g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r473, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war900l, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: wvr1300g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r473p-ac, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: er5520g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r483g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war458, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: wvr1300l, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: r483, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: war450, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: er5510g, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: er, scope: -, version: -

Trust: 0.6

vendor: tp link, model: wvr, scope: -, version: -

Trust: 0.6

vendor: tp link, model: war, scope: -, version: -

sources: CNVD: CNVD-2018-01916 // CNNVD: CNNVD-201801-431 // NVD: CVE-2017-15613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-15613
value: HIGH

Trust: 1.0

CNVD: CNVD-2018-01916
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-431
value: HIGH

Trust: 0.6

VULHUB: VHN-106479
value: HIGH

Trust: 0.1

VULHUB: VHN-106470
value: HIGH

Trust: 0.1

VULHUB: VHN-106474
value: HIGH

Trust: 0.1

VULHUB: VHN-106476
value: HIGH

Trust: 0.1

VULHUB: VHN-106453
value: HIGH

Trust: 0.1

VULHUB: VHN-106454
value: HIGH

Trust: 0.1

VULHUB: VHN-106459
value: HIGH

Trust: 0.1

VULHUB: VHN-106465
value: HIGH

Trust: 0.1

VULHUB: VHN-106468
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-15613
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2018-01916
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-106479
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106470
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106474
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106476
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106453
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106454
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106459
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106465
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-106468
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-15613
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2018-01916 // VULHUB: VHN-106479 // VULHUB: VHN-106470 // VULHUB: VHN-106474 // VULHUB: VHN-106476 // VULHUB: VHN-106453 // VULHUB: VHN-106454 // VULHUB: VHN-106459 // VULHUB: VHN-106465 // VULHUB: VHN-106468 // CNNVD: CNNVD-201801-431 // NVD: CVE-2017-15613

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-106479 // VULHUB: VHN-106470 // VULHUB: VHN-106474 // VULHUB: VHN-106476 // VULHUB: VHN-106453 // VULHUB: VHN-106454 // VULHUB: VHN-106459 // VULHUB: VHN-106465 // VULHUB: VHN-106468 // NVD: CVE-2017-15613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-431

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201801-431

PATCH

title: TP-Link WVR, WAR, and ER device arbitrary command execution vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/114425

Trust: 0.6

title: TP-Link WVR, WAR and ER Repair measures for device security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77685

Trust: 0.6

sources: CNVD: CNVD-2018-01916 // CNNVD: CNNVD-201801-431

EXTERNAL IDS

db: NVD, id: CVE-2017-15613

Trust: 3.1

db: CNNVD, id: CNNVD-201801-431

Trust: 0.7

db: CNVD, id: CNVD-2018-01916

Trust: 0.6

db: CNNVD, id: CNNVD-201710-894

Trust: 0.1

db: VULHUB, id: VHN-106479

Trust: 0.1

db: CNNVD, id: CNNVD-201710-902

Trust: 0.1

db: VULHUB, id: VHN-106470

Trust: 0.1

db: CNNVD, id: CNNVD-201710-899

Trust: 0.1

db: VULHUB, id: VHN-106474

Trust: 0.1

db: CNNVD, id: CNNVD-201710-897

Trust: 0.1

db: VULHUB, id: VHN-106476

Trust: 0.1

db: PACKETSTORM, id: 145823

Trust: 0.1

db: VULHUB, id: VHN-106453

Trust: 0.1

db: CNNVD, id: CNNVD-201801-430

Trust: 0.1

db: VULHUB, id: VHN-106454

Trust: 0.1

db: CNNVD, id: CNNVD-201801-425

Trust: 0.1

db: VULHUB, id: VHN-106459

Trust: 0.1

db: CNNVD, id: CNNVD-201710-907

Trust: 0.1

db: VULHUB, id: VHN-106465

Trust: 0.1

db: CNNVD, id: CNNVD-201710-904

Trust: 0.1

db: VULHUB, id: VHN-106468

Trust: 0.1

sources: CNVD: CNVD-2018-01916 // VULHUB: VHN-106479 // VULHUB: VHN-106470 // VULHUB: VHN-106474 // VULHUB: VHN-106476 // VULHUB: VHN-106453 // VULHUB: VHN-106454 // VULHUB: VHN-106459 // VULHUB: VHN-106465 // VULHUB: VHN-106468 // CNNVD: CNNVD-201801-431 // NVD: CVE-2017-15613

REFERENCES

url:http://www.securityfocus.com/archive/1/541655/100/0/threaded

Trust: 2.5

url:https://github.com/chunibalon/vulnerability/blob/master/cve-2017-15613_to_cve-2017-15637.txt

Trust: 2.5

url:http://seclists.org/bugtraq/2018/jan/31

Trust: 0.6

sources: CNVD: CNVD-2018-01916 // VULHUB: VHN-106479 // VULHUB: VHN-106470 // VULHUB: VHN-106474 // VULHUB: VHN-106476 // VULHUB: VHN-106453 // VULHUB: VHN-106454 // VULHUB: VHN-106459 // VULHUB: VHN-106465 // VULHUB: VHN-106468 // CNNVD: CNNVD-201801-431 // NVD: CVE-2017-15613

SOURCES

db: CNVD, id: CNVD-2018-01916
db: VULHUB, id: VHN-106479
db: VULHUB, id: VHN-106470
db: VULHUB, id: VHN-106474
db: VULHUB, id: VHN-106476
db: VULHUB, id: VHN-106453
db: VULHUB, id: VHN-106454
db: VULHUB, id: VHN-106459
db: VULHUB, id: VHN-106465
db: VULHUB, id: VHN-106468
db: CNNVD, id: CNNVD-201801-431
db: NVD, id: CVE-2017-15613

LAST UPDATE DATE

2024-12-21T22:57:00.916000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-01916, date: 2018-01-25T00:00:00
db: VULHUB, id: VHN-106479, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106470, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106474, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106476, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106453, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106454, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106459, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106465, date: 2019-10-03T00:00:00
db: VULHUB, id: VHN-106468, date: 2019-10-03T00:00:00
db: CNNVD, id: CNNVD-201801-431, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-15613, date: 2024-11-21T03:14:51.303

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-01916, date: 2018-01-12T00:00:00
db: VULHUB, id: VHN-106479, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106470, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106474, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106476, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106453, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106454, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106459, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106465, date: 2018-01-11T00:00:00
db: VULHUB, id: VHN-106468, date: 2018-01-11T00:00:00
db: CNNVD, id: CNNVD-201801-431, date: 2018-01-12T00:00:00
db: NVD, id: CVE-2017-15613, date: 2018-01-11T16:29:00.407