Command Injection Vulnerability in TP-Link TL-WPA4530 KIT
CVE-2023-31700

8.8HIGH

Key Information:

Vendor: Tp-link
Status: Tl-WPa4530 Kit Firmware
Vendor: CVE Published:; 17 May 2023

Summary

The TP-Link TL-WPA4530 KIT, particularly the V2 versions 170406 and 161115, is susceptible to command injection through the _httpRpmPlcDeviceAdd endpoint. This vulnerability may allow attackers to execute arbitrary commands on the device, posing serious security risks to the network. Users are advised to review their device configurations and apply necessary security patches or updates.

References

https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/po...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2023
Vulnerability Reserved
Apr 29, 2023