There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend...
9.8CVSS
8.9AI Score
0.003EPSS
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection...
8.8CVSS
8.9AI Score
0.002EPSS
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection...
8.8CVSS
8.9AI Score
0.002EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua...
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua...
7.2CVSS
7.4AI Score
0.001EPSS
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP...
6.5CVSS
6.3AI Score
0.048EPSS
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in...
8.8CVSS
8.8AI Score
0.004EPSS
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua...
8.8CVSS
8.8AI Score
0.001EPSS
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in...
8.8CVSS
8.8AI Score
0.002EPSS