Details of VAR-201801-0394

ID

VAR-201801-0394

CVE

CVE-2017-15613

TITLE

TP-Link WVR, WAR, and ER device arbitrary command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-01916

DESCRIPTION

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. TP-LinkWVR, WAR and ERdevices are different series of router products from China TP-LINK. Security vulnerabilities exist in TP-LinkWVR, WAR, and ER devices

Trust: 4.59

sources: NVD: CVE-2017-15613 // CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02036 // CNVD: CNVD-2018-02028 // CNVD: CNVD-2018-02033 // CNVD: CNVD-2018-02038 // CNVD: CNVD-2018-02031 // VULHUB: VHN-106474 // VULHUB: VHN-106453 // VULHUB: VHN-106457 // VULHUB: VHN-106463 // VULHUB: VHN-106468

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 3.6

sources: CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02036 // CNVD: CNVD-2018-02028 // CNVD: CNVD-2018-02033 // CNVD: CNVD-2018-02038 // CNVD: CNVD-2018-02031

AFFECTED PRODUCTS

vendor:	tp link	model:	er	scope:	-	version:	-	Trust: 3.6
vendor:	tp link	model:	wvr	scope:	-	version:	-	Trust: 3.6
vendor:	tp link	model:	war	scope:	-	version:	-	Trust: 3.6
vendor:	tp link	model:	r473g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4149g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war1300l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war450l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr1750l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4239g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr302	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478\+	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr450	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war458l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5120g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473gp-ac	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war302	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war2600l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr4300l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4299g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war1750l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r488	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr900g	scope:	eq	version:	3.0_170306	Trust: 1.0
vendor:	tp link	model:	wvr900l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478g\+	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5110g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr300	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war900l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr1300g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473p-ac	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5520g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r483g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war458	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr1300l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r483	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr458l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr450l	scope:	eq	version:	1.0161125	Trust: 1.0
vendor:	tp link	model:	war450	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5510g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr2600l	scope:	eq	version:	-	Trust: 1.0

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15613
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2018-01916
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02036
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02028
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02033
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02038
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02031
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106474
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106453
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106457
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106463
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106468
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15613
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2018-01916
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02036
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02028
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02033
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02038
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02031
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106474
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106453
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106457
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106463
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106468
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15613
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02036 // CNVD: CNVD-2018-02028 // CNVD: CNVD-2018-02033 // CNVD: CNVD-2018-02038 // CNVD: CNVD-2018-02031 // VULHUB: VHN-106474 // VULHUB: VHN-106453 // VULHUB: VHN-106457 // VULHUB: VHN-106463 // VULHUB: VHN-106468 // NVD: CVE-2017-15613

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-77	Trust: 0.5

sources: VULHUB: VHN-106474 // VULHUB: VHN-106453 // VULHUB: VHN-106457 // VULHUB: VHN-106463 // VULHUB: VHN-106468 // NVD: CVE-2017-15613

PATCH

title:	TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/114425	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02036)	url:	https://www.cnvd.org.cn/patchInfo/show/114583	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02028)	url:	https://www.cnvd.org.cn/patchInfo/show/114567	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02033)	url:	https://www.cnvd.org.cn/patchInfo/show/114577	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02038)	url:	https://www.cnvd.org.cn/patchInfo/show/114587	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02031)	url:	https://www.cnvd.org.cn/patchInfo/show/114573	Trust: 0.6

sources: CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02036 // CNVD: CNVD-2018-02028 // CNVD: CNVD-2018-02033 // CNVD: CNVD-2018-02038 // CNVD: CNVD-2018-02031

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15613	Trust: 5.1
db:	CNVD	id:	CNVD-2018-01916	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02036	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02028	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02033	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02038	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02031	Trust: 0.6
db:	CNNVD	id:	CNNVD-201710-899	Trust: 0.1
db:	VULHUB	id:	VHN-106474	Trust: 0.1
db:	PACKETSTORM	id:	145823	Trust: 0.1
db:	CNNVD	id:	CNNVD-201801-431	Trust: 0.1
db:	VULHUB	id:	VHN-106453	Trust: 0.1
db:	CNNVD	id:	CNNVD-201801-427	Trust: 0.1
db:	VULHUB	id:	VHN-106457	Trust: 0.1
db:	CNNVD	id:	CNNVD-201710-909	Trust: 0.1
db:	VULHUB	id:	VHN-106463	Trust: 0.1
db:	CNNVD	id:	CNNVD-201710-904	Trust: 0.1
db:	VULHUB	id:	VHN-106468	Trust: 0.1

REFERENCES

url:	https://github.com/chunibalon/vulnerability/blob/master/cve-2017-15613_to_cve-2017-15637.txt	Trust: 4.5
url:	http://www.securityfocus.com/archive/1/archive/1/541655/100/0/threaded	Trust: 3.0
url:	http://www.securityfocus.com/archive/1/541655/100/0/threaded	Trust: 1.5
url:	http://seclists.org/bugtraq/2018/jan/31	Trust: 0.6

SOURCES

db:	CNVD	id:	CNVD-2018-01916
db:	CNVD	id:	CNVD-2018-02036
db:	CNVD	id:	CNVD-2018-02028
db:	CNVD	id:	CNVD-2018-02033
db:	CNVD	id:	CNVD-2018-02038
db:	CNVD	id:	CNVD-2018-02031
db:	VULHUB	id:	VHN-106474
db:	VULHUB	id:	VHN-106453
db:	VULHUB	id:	VHN-106457
db:	VULHUB	id:	VHN-106463
db:	VULHUB	id:	VHN-106468
db:	NVD	id:	CVE-2017-15613

LAST UPDATE DATE

2026-02-05T16:09:21.958000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01916	date:	2018-01-25T00:00:00
db:	CNVD	id:	CNVD-2018-02036	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02028	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02033	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02038	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02031	date:	2018-01-26T00:00:00
db:	VULHUB	id:	VHN-106474	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106453	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106457	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106463	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106468	date:	2019-10-03T00:00:00
db:	NVD	id:	CVE-2017-15613	date:	2024-11-21T03:14:51.303

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-01916	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02036	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02028	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02033	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02038	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02031	date:	2018-01-26T00:00:00
db:	VULHUB	id:	VHN-106474	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106453	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106457	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106463	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106468	date:	2018-01-11T00:00:00
db:	NVD	id:	CVE-2017-15613	date:	2018-01-11T16:29:00.407