CVE-2018-11481

2018-05-30T21:29:00
ID CVE-2018-11481
Type cve
Reporter cve@mitre.org
Modified 2018-07-05T16:43:00

Description

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.