TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.
CPE | Name | Operator | Version |
---|---|---|---|
wvr450l_firmware | eq | 1.0161125 | |
wvr900g_firmware | eq | 3.0.170306 |