3 matches found
CVE-2017-15627
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptpclient.lua file...
CVE-2017-15627
CVE-2017-15627 affects TP-Link WVR, WAR and ER devices. The issue is a command injection in the pptp_client.lua file via the new-pns variable, exploitable by remote authenticated administrators. CVSSv3 base score 7.2 (HIGH); attack vector NETWORK, attack complexity LOW, privileges required HIGH, ...
TP-Link Remote Command Injection
Introduction: ================ The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link. These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files. If the attacker obtains the account a...