Vulnerability Description
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Er5110G Firmware | - |
| Tp-Link | Er5110G | - |
| Tp-Link | Er5120G Firmware | - |
| Tp-Link | Er5120G | - |
| Tp-Link | Er5510G Firmware | - |
| Tp-Link | Er5510G | - |
| Tp-Link | Er5520G Firmware | - |
| Tp-Link | Er5520G | - |
| Tp-Link | R4149G Firmware | - |
| Tp-Link | R4149G | - |
| Tp-Link | R4239G Firmware | - |
| Tp-Link | R4239G | - |
| Tp-Link | R4299G Firmware | - |
| Tp-Link | R4299G | - |
| Tp-Link | R473Gp-Ac Firmware | - |
| Tp-Link | R473Gp-Ac | - |
| Tp-Link | R473G Firmware | - |
| Tp-Link | R473G | - |
| Tp-Link | R473P-Ac Firmware | - |
| Tp-Link | R473P-Ac | - |
References
- http://www.securityfocus.com/archive/1/541655/100/0/threadedExploitThird Party AdvisoryVDB Entry
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-20ExploitThird Party Advisory
- http://www.securityfocus.com/archive/1/541655/100/0/threadedExploitThird Party AdvisoryVDB Entry
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-20ExploitThird Party Advisory
FAQ
What is CVE-2017-15614?
CVE-2017-15614 is a vulnerability with a CVSS score of 7.2 (HIGH). TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.
How severe is CVE-2017-15614?
CVE-2017-15614 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15614?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Er5110G Firmware, Tp-Link Er5110G, Tp-Link Er5120G Firmware, Tp-Link Er5120G, Tp-Link Er5510G Firmware.