Command Injection Vulnerability in TP-Link Networking Devices
CVE-2017-15631
7.2HIGH
What is CVE-2017-15631?
TP-Link devices including WVR, WAR, and ER series may be susceptible to command injection that allows authenticated remote administrators to execute arbitrary commands. This vulnerability revolves around the 'new-workmode' variable defined in the pptp_client.lua file. By manipulating this variable, attackers can gain unauthorized command execution capabilities, which poses significant risks to device integrity and overall network security.