TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tp-link tl-wvr450l_firmware - |
||
tp-link tl-wvr458l_firmware - |
||
tp-link tl-wvr900l_firmware - |
||
tp-link tl-wvr1200l_firmware - |
||
tp-link tl-wvr1300l_firmware - |
||
tp-link tl-wvr1750l_firmware - |
||
tp-link tl-wvr2600l_firmware - |
||
tp-link tl-wvr4300l_firmware - |
||
tp-link tl-war450l_firmware - |
||
tp-link tl-war458l_firmware - |
||
tp-link tl-war900l_firmware - |
||
tp-link tl-war1200l_firmware - |
||
tp-link tl-war1300l_firmware - |
||
tp-link tl-war1750l_firmware - |
||
tp-link tl-war2600l_firmware - |