VYPR
High severity8.8NVD Advisory· Published Dec 19, 2017· Updated Jun 17, 2026

CVE-2017-17757

CVE-2017-17757

Description

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:tp-link:tl-war1200l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-wvr1200l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-wvr4300l_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:tl-war1300l_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:tp-link:tl-war1750l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-war2600l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-war900l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-wvr1300l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-wvr1750l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-wvr2600l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-wvr450l_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:tp-link:tl-war450l_firmware:-:*:*:*:*:*:*:*
    • cpe:2.3:o:tp-link:tl-war458l_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:tl-wvr458l_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:tl-wvr900l_firmware:-:*:*:*:*:*:*:*
  • TP-Link/WVRllm-create
  • TP-Link/WARllm-create
  • TP-Link/uhttpdllm-create

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.