Command Injection Vulnerability in TP-Link Networking Devices
CVE-2017-15630
7.2HIGH
What is CVE-2017-15630?
TP-Link's WVR, WAR, and ER networking devices are prone to command injection due to a flaw in the pptp_client.lua file. This vulnerability enables remote authenticated administrators to execute arbitrary commands by manipulating the new-remotesubnet variable. Exploiting this weakness can lead to unauthorized command execution, potentially compromising network integrity and security.