Vulnerabilities > CVE-2017-15625 - Unspecified vulnerability in Tp-Link products

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
tp-link
critical

Summary

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.

Vulnerable Configurations

Part Description Count
OS
Tp-Link
38
Hardware
Tp-Link
38

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/145823/tplinkmulti-exec.txt
idPACKETSTORM:145823
last seen2018-01-11
published2018-01-11
reporterchunibalon
sourcehttps://packetstormsecurity.com/files/145823/TP-Link-Remote-Command-Injection.html
titleTP-Link Remote Command Injection