Vulnerabilities > CVE-2017-15632 - Unspecified vulnerability in Tp-Link products
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
Vulnerable Configurations
Packetstorm
| data source | https://packetstormsecurity.com/files/download/145823/tplinkmulti-exec.txt |
| id | PACKETSTORM:145823 |
| last seen | 2018-01-11 |
| published | 2018-01-11 |
| reporter | chunibalon |
| source | https://packetstormsecurity.com/files/145823/TP-Link-Remote-Command-Injection.html |
| title | TP-Link Remote Command Injection |
References
- http://www.securityfocus.com/archive/1/541655/100/0/threaded
- http://www.securityfocus.com/archive/1/541655/100/0/threaded
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
- https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt