CVE-2017-15623
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/01/2018
Last modified:
03/10/2019
Description
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:tp-link:er5110g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:er5110g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:er5120g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:er5120g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:er5510g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:er5510g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:er5520g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:er5520g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:r4149g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:r4149g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:r4239g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:r4239g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:r4299g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:r4299g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:r473gp-ac_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page