GCVE - cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:tp-link:tl-wvr302_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor	Tp Link (`0b2e1553-ac8b-5981-a60b-ca6c27ee3a6e`)
Product	Tl Wvr302 Firmware (`184a312a-d6ed-5fcc-a4db-32780385243f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-16959`	vulnerable	2026-06-03 14:36:53.725918	Details available The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. Published: 2017-11-27T10:00:00.000Z Updated: 2024-08-05T20:43:57.857Z Open on db.gcve.eu Reference links https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16958`	vulnerable	2026-06-03 14:36:53.722605	Details available TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. Published: 2017-11-27T10:00:00.000Z Updated: 2024-08-05T20:43:57.837Z Open on db.gcve.eu Reference links https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16957`	vulnerable	2026-06-03 14:36:53.668748	Details available TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. Published: 2017-11-27T10:00:00.000Z Updated: 2024-08-05T20:43:57.829Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/101968 https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkDiagnosticAuthenticatedRCE.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.