TP-Link Arbitrary Command Execution Vulnerability (CVE-2017-17758) for multiple devices
Release date:
Updated on:
Affected Systems:
TP-LINK TL-WVR 900G
TP-LINK TL-WVR 458P
TP-LINK TL-WVR 458L
TP-LINK TL-WVR 458
TP-LINK TL-WVR 450L
TP-LINK TL-WVR 450G
TP-LINK TL-WVR 450
TP-LINK TL-WVR 4300L
TP-LINK TL-WVR 302
TP-LINK TL-WVR 300
TP-LINK TL-WVR 2600L
TP-LINK TL-WVR 1750L
TP-LINK TL-WVR 1300L
TP-LINK TL-WVR 1300G
TP-LINK TL-WVR 1200L
TP-LINK WAR 900L
TP-LINK WAR 458L
TP-LINK WAR 458
TP-LINK WAR 450L
TP-LINK WAR 450
TP-LINK WAR 302
TP-LINK WAR 2600L
TP-LINK WAR 1750L
TP-LINK WAR 1300L
TP-LINK WAR 1200L
Description:
Bugtraq id: 102259
CVE (CAN) ID: CVE-2017-17758
TP-Link is a well-known network and communication equipment supplier.
TP-Link TL-WVR and TL-WAR devices contain an arbitrary command execution vulnerability: an attacker can execute arbitrary commands through the interface field of an admin/dhcps command.
<* Source: Zhaoxin Li *>
Suggestion:
Vendor patch:
TP-LINK
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.tp-link.com/en/
https://github.com/L1ZhaoXin/Router-Vulnerability-Research/blob/master/Tplink_LUCI_Dhcps_Authenticated_RCE_Record.txt