Vulnerabilities > CVE-2017-15631 - Unspecified vulnerability in Tp-Link products
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
Vulnerable Configurations
Packetstorm
data source | https://packetstormsecurity.com/files/download/145823/tplinkmulti-exec.txt |
id | PACKETSTORM:145823 |
last seen | 2018-01-11 |
published | 2018-01-11 |
reporter | chunibalon |
source | https://packetstormsecurity.com/files/145823/TP-Link-Remote-Command-Injection.html |
title | TP-Link Remote Command Injection |
References
- http://www.securityfocus.com/archive/1/541655/100/0/threaded
- http://www.securityfocus.com/archive/1/541655/100/0/threaded
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt