Description
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101968
Exploit, Third Party Advisory x_refsource_misc
https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt
Scores
CVSS v3
8.8
EPSS
0.0289
EPSS Percentile
86.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (50)
tp-link/tl-er3210g_firmware
tp-link/tl-er3220g_firmware
tp-link/tl-er5110g_firmware
tp-link/tl-er5120g_firmware
tp-link/tl-er5510g_firmware
tp-link/tl-er5520g_firmware
tp-link/tl-er6110g_firmware
tp-link/tl-er6120g_firmware
tp-link/tl-er6220g_firmware
tp-link/tl-er6510g_firmware
... and 40 more
Published
Nov 27, 2017
Tracked Since
Feb 18, 2026