Command Injection Vulnerability in TP-Link WVR, WAR, and ER Devices via wportal.lua File

Command Injection Vulnerability in TP-Link WVR, WAR, and ER Devices via wportal.lua File

CVE-2017-15634 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

Learn more about our Web Application Penetration Testing UK.