Details of VAR-201801-0394

ID

VAR-201801-0394

CVE

CVE-2017-15613

TITLE

TP-Link WVR, WAR, and ER Device Arbitrary Command Execution Vulnerabilities (CNVD-2018-02034)

Trust: 0.6

sources: CNVD: CNVD-2018-02034

DESCRIPTION

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. TP-LinkWVR, WAR and ERdevices are different series of router products from China TP-LINK. Security vulnerabilities exist in TP-LinkWVR, WAR, and ER devices

Trust: 4.59

sources: NVD: CVE-2017-15613 // CNVD: CNVD-2018-02034 // CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02032 // CNVD: CNVD-2018-02027 // CNVD: CNVD-2018-02039 // CNVD: CNVD-2018-02037 // VULHUB: VHN-106472 // VULHUB: VHN-106477 // VULHUB: VHN-106453 // VULHUB: VHN-106456 // VULHUB: VHN-106462

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 3.6

sources: CNVD: CNVD-2018-02034 // CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02032 // CNVD: CNVD-2018-02027 // CNVD: CNVD-2018-02039 // CNVD: CNVD-2018-02037

AFFECTED PRODUCTS

vendor:	tp link	model:	er	scope:	-	version:	-	Trust: 3.6
vendor:	tp link	model:	wvr	scope:	-	version:	-	Trust: 3.6
vendor:	tp link	model:	war	scope:	-	version:	-	Trust: 3.6
vendor:	tp link	model:	wvr900l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr900g	scope:	eq	version:	3.0_170306	Trust: 1.6
vendor:	tp link	model:	wvr4300l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr2600l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr450l	scope:	eq	version:	1.0161125	Trust: 1.6
vendor:	tp link	model:	wvr450	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr300	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr458l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr1750l	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	wvr302	scope:	eq	version:	-	Trust: 1.6
vendor:	tp link	model:	r478\+	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war1750l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478g\+	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war450l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr1300g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r488	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r478	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5120g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5510g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4239g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4149g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war458	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r4299g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war450	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war458l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	wvr1300l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war1300l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war900l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r483	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war302	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473p-ac	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473gp-ac	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5520g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r473	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	r483g	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	war2600l	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	er5110g	scope:	eq	version:	-	Trust: 1.0

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15613
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2018-02034
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-01916
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02032
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02027
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02039
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2018-02037
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201801-431
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106472
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106477
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106453
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106456
value:	HIGH
Trust: 0.1
VULHUB:	VHN-106462
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15613
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2018-02034
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-01916
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02032
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02027
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02039
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2018-02037
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106472
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106477
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106453
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106456
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-106462
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15613
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2018-02034 // CNVD: CNVD-2018-01916 // CNVD: CNVD-2018-02032 // CNVD: CNVD-2018-02027 // CNVD: CNVD-2018-02039 // CNVD: CNVD-2018-02037 // VULHUB: VHN-106472 // VULHUB: VHN-106477 // VULHUB: VHN-106453 // VULHUB: VHN-106456 // VULHUB: VHN-106462 // CNNVD: CNNVD-201801-431 // NVD: CVE-2017-15613

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-77	Trust: 0.5

sources: VULHUB: VHN-106472 // VULHUB: VHN-106477 // VULHUB: VHN-106453 // VULHUB: VHN-106456 // VULHUB: VHN-106462 // NVD: CVE-2017-15613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-431

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201801-431

PATCH

title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02034)	url:	https://www.cnvd.org.cn/patchInfo/show/114579	Trust: 0.6
title:	TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/114425	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02032)	url:	https://www.cnvd.org.cn/patchInfo/show/114575	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER device arbitrary command execution vulnerability (CNVD-2018-02027)	url:	https://www.cnvd.org.cn/patchInfo/show/114565	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02039)	url:	https://www.cnvd.org.cn/patchInfo/show/114589	Trust: 0.6
title:	Patch for TP-LinkWVR, WAR, and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02037)	url:	https://www.cnvd.org.cn/patchInfo/show/114585	Trust: 0.6
title:	TP-Link WVR , WAR and ER Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77685	Trust: 0.6

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15613	Trust: 5.7
db:	CNNVD	id:	CNNVD-201801-431	Trust: 0.7
db:	CNVD	id:	CNVD-2018-02034	Trust: 0.6
db:	CNVD	id:	CNVD-2018-01916	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02032	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02027	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02039	Trust: 0.6
db:	CNVD	id:	CNVD-2018-02037	Trust: 0.6
db:	CNNVD	id:	CNNVD-201710-901	Trust: 0.1
db:	VULHUB	id:	VHN-106472	Trust: 0.1
db:	CNNVD	id:	CNNVD-201710-896	Trust: 0.1
db:	VULHUB	id:	VHN-106477	Trust: 0.1
db:	PACKETSTORM	id:	145823	Trust: 0.1
db:	VULHUB	id:	VHN-106453	Trust: 0.1
db:	CNNVD	id:	CNNVD-201801-428	Trust: 0.1
db:	VULHUB	id:	VHN-106456	Trust: 0.1
db:	CNNVD	id:	CNNVD-201801-423	Trust: 0.1
db:	VULHUB	id:	VHN-106462	Trust: 0.1

REFERENCES

url:	https://github.com/chunibalon/vulnerability/blob/master/cve-2017-15613_to_cve-2017-15637.txt	Trust: 5.1
url:	http://www.securityfocus.com/archive/1/archive/1/541655/100/0/threaded	Trust: 3.0
url:	http://www.securityfocus.com/archive/1/541655/100/0/threaded	Trust: 2.1
url:	http://seclists.org/bugtraq/2018/jan/31	Trust: 0.6

SOURCES

db:	CNVD	id:	CNVD-2018-02034
db:	CNVD	id:	CNVD-2018-01916
db:	CNVD	id:	CNVD-2018-02032
db:	CNVD	id:	CNVD-2018-02027
db:	CNVD	id:	CNVD-2018-02039
db:	CNVD	id:	CNVD-2018-02037
db:	VULHUB	id:	VHN-106472
db:	VULHUB	id:	VHN-106477
db:	VULHUB	id:	VHN-106453
db:	VULHUB	id:	VHN-106456
db:	VULHUB	id:	VHN-106462
db:	CNNVD	id:	CNNVD-201801-431
db:	NVD	id:	CVE-2017-15613

LAST UPDATE DATE

2024-11-20T22:29:10.277000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-02034	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-01916	date:	2018-01-25T00:00:00
db:	CNVD	id:	CNVD-2018-02032	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02027	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02039	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02037	date:	2018-01-26T00:00:00
db:	VULHUB	id:	VHN-106472	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106477	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106453	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106456	date:	2019-10-03T00:00:00
db:	VULHUB	id:	VHN-106462	date:	2019-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201801-431	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-15613	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-02034	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-01916	date:	2018-01-12T00:00:00
db:	CNVD	id:	CNVD-2018-02032	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02027	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02039	date:	2018-01-26T00:00:00
db:	CNVD	id:	CNVD-2018-02037	date:	2018-01-12T00:00:00
db:	VULHUB	id:	VHN-106472	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106477	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106453	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106456	date:	2018-01-11T00:00:00
db:	VULHUB	id:	VHN-106462	date:	2018-01-11T00:00:00
db:	CNNVD	id:	CNNVD-201801-431	date:	2018-01-12T00:00:00
db:	NVD	id:	CVE-2017-15613	date:	2018-01-11T16:29:00.407