Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptpclient.lua file...

CVE-2017-15631

CVE-2017-15631 affects TP-Link WVR, WAR and ER devices. A vulnerability in the pptp_client.lua module allows a remote authenticated administrator to execute arbitrary commands via the new-workmode variable (command injection). According to the provided metrics, the CVSSv3 base score is 7.2 (HIGH)...

CVE-2017-15615

Technical details about CVE-2017-15615 are not publicly provided in the supplied connected documents. Monitor for updates from ENISA EUVD entries; no vendor/product/version mappings or fixes are described here.

CVE-2017-15625

CVE-2017-15625 affects TP-Link WVR, WAR and ER devices. The issue is a command injection in the pptp_client.lua file via the new-olmode variable, exploitable by remote authenticated administrators to execute arbitrary commands. The description indicates a high-severity impact with potential confi...

CVE-2017-15629

Technical details for CVE-2017-15629 are not publicly available in the provided documents. Monitor for updates; the connected EUVD entries reference malware but do not supply CVE specifics.

CVE-2017-15629

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptpclient.lua file...

CVE-2017-15619

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptpclient.lua file...

CVE-2017-15631

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptpclient.lua file...

CVE-2017-15625

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptpclient.lua file...

CVE-2017-15618

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptpclient.lua file...

CVE-2017-15627

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptpclient.lua file...

CVE-2017-15630

Technical details beyond the initial description are not publicly available in the provided connected documents. Monitor for updates.

CVE-2017-15614

Technical details about CVE-2017-15614 are not publicly available in the provided connected documents. The EUVD entries describe malware named 'sbrugna' but do not elaborate on affected products, versions, or root cause. Monitor for updates.

CVE-2017-15618

CVE-2017-15618 affects TP-Link WVR, WAR and ER devices. A remote authenticated administrator can run arbitrary commands through a command injection in the pptp_client.lua file, via the new-enable variable. The description specifies remote command execution with HIGH impact on confidentiality, int...

CVE-2017-15630

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptpclient.lua file...

CVE-2017-15622

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpclient.lua file...