Description
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
Exploit, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541655/100/0/threaded
Scores
CVSS v3
7.2
EPSS
0.0088
EPSS Percentile
75.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (38)
tp-link/er5110g_firmware
tp-link/er5120g_firmware
tp-link/er5510g_firmware
tp-link/er5520g_firmware
tp-link/r4149g_firmware
tp-link/r4239g_firmware
tp-link/r4299g_firmware
tp-link/r473_firmware
tp-link/r473g_firmware
tp-link/r473gp-ac_firmware
... and 28 more
Published
Jan 11, 2018
Tracked Since
Feb 18, 2026