Command Injection Vulnerability in Multiple TP-Link Products (CNVD-2017-37953)

TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending the admin/bridge command with shell metacharacters...

CVE-2017-16960

This entry (CVE-2017-16960) concerns TP-Link devices TL-WVR, TL-WAR, TL-ER, and TL-R where remote authenticated users can execute arbitrary commands via shell metacharacters in the t_bindif parameter sent to cgi-bin/luci, related to get_device_byif in /usr/lib/lua/luci/controller/admin/interface....