Vulnerabilities > CVE-2017-15618 - Unspecified vulnerability in Tp-Link products

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
tp-link
NVD
Published: 2018-01-11
Updated: 2019-10-03

Summary

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.

Vulnerable Configurations

Part Description Count
OS
Tp-Link
38
Hardware
Tp-Link
38

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/145823/tplinkmulti-exec.txt
idPACKETSTORM:145823
last seen2018-01-11
published2018-01-11
reporterchunibalon
sourcehttps://packetstormsecurity.com/files/145823/TP-Link-Remote-Command-Injection.html
titleTP-Link Remote Command Injection

References