Command Injection Vulnerability in TP-Link WVR, WAR, and ER Devices
CVE-2017-15619
7.2HIGH
What is CVE-2017-15619?
TP-Link WVR, WAR, and ER devices are susceptible to a command injection vulnerability. This issue arises from improper handling of the pptphellointerval variable in the pptp_client.lua file. An attacker with remote authenticated access can exploit this weakness to execute arbitrary commands on the affected devices, potentially compromising their integrity and confidentiality.