2 matches found
CVE-2018-11481
TP-LINK IPC TL-IPC223P-6, TL-IPC323K-D, TL-IPC325KP-, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters...
CVE-2018-11481
CVE-2018-11481 affects TP-LINK IP cameras TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4. The vulnerability enables authenticated remote code execution via crafted JSON data because the Lua validator at /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation ...