TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
tp-link ipc_tl-ipc223\\(p\\)-6_firmware |
||
tp-link tl-ipc323k-d_firmware |
||
tp-link tl-ipc325\\(kp\\)_firmware |
||
tp-link tl-ipc40a-4_firmware |
Vulmon