CVE-2017-15634
Description
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TP-Link WVR, WAR, and ER devices are vulnerable to authenticated remote command injection via the name parameter in wportal.lua, allowing arbitrary OS commands.
Vulnerability
A command injection vulnerability exists in the wportal.lua file of TP-Link WVR, WAR, and ER series devices. The name variable is not sanitized before being passed to a command execution function. Affected firmware versions are not specified in the public advisory [1], but the vulnerability is confirmed across multiple device families.
Exploitation
An authenticated remote administrator with access to the device's web interface can exploit this by sending a crafted POST request to the vulnerable endpoint, injecting OS commands into the name parameter. No additional privileges or user interaction is required beyond valid admin credentials [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the underlying operating system with root privileges, leading to full compromise of the device (confidentiality, integrity, and availability) [1].
Mitigation
As of the publication date (2018-01-11), no official firmware patch has been released by TP-Link. Affected users should restrict administrative access to trusted networks only and monitor for vendor updates. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 3
Patches: 0
No patches discovered yet.
References
- www.securityfocus.com/archive/1/541655/100/0/threaded (mitre, mailing-list, x_refsource_BUGTRAQ)
- github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt (mitre, x_refsource_MISC)