Vulnerabilities > CVE-2017-15634 - Unspecified vulnerability in Tp-Link products

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
tp-link
critical
NVD
Published: 2018-01-11
Updated: 2019-10-03

Summary

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

Vulnerable Configurations

Part Description Count
OS
Tp-Link
38
Hardware
Tp-Link
38

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/145823/tplinkmulti-exec.txt
idPACKETSTORM:145823
last seen2018-01-11
published2018-01-11
reporterchunibalon
sourcehttps://packetstormsecurity.com/files/145823/TP-Link-Remote-Command-Injection.html
titleTP-Link Remote Command Injection

References