Vulnerabilities > TP Link > TL War302 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-27 CVE-2017-16959 Path Traversal vulnerability in Tp-Link products
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
network
low complexity
tp-link CWE-22
6.5