| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13186 | Hig | 0.49 | 7.5 | 0.00 | Jan 12, 2018 | A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716. | ||
| CVE-2017-13184 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is… | ||
| CVE-2017-13183 | Hig | 0.46 | 7.0 | 0.00 | Jan 12, 2018 | In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a… | ||
| CVE-2017-13182 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User… | ||
| CVE-2017-13181 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed.… | ||
| CVE-2017-13180 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege… | ||
| CVE-2017-13176 | Hig | 0.57 | 8.8 | 0.01 | Jan 12, 2018 | In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is… | ||
| CVE-2017-0855 | Hig | 0.49 | 7.5 | 0.02 | Jan 12, 2018 | In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User… | ||
| CVE-2017-0846 | Hig | 0.49 | 7.5 | 0.00 | Jan 12, 2018 | An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810. | ||
| CVE-2015-9250 | Hig | 0.49 | 7.5 | 0.02 | Jan 12, 2018 | An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. | ||
| CVE-2017-16739 | Hig | 0.51 | 7.8 | 0.02 | Jan 12, 2018 | An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution. | ||
| CVE-2017-16737 | Hig | 0.51 | 7.8 | 0.01 | Jan 12, 2018 | An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user. | ||
| CVE-2017-14030 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. | ||
| CVE-2017-16886 | Hig | 0.61 | 8.8 | 0.07 | Jan 12, 2018 | The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal. | ||
| CVE-2016-0335 | Hig | 0.57 | 8.8 | 0.01 | Jan 12, 2018 | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown… | ||
| CVE-2016-0327 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643. | ||
| CVE-2016-0324 | Hig | 0.57 | 8.8 | 0.04 | Jan 12, 2018 | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. | ||
| CVE-2015-3888 | Hig | 0.49 | 7.5 | 0.01 | Jan 12, 2018 | Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL. | ||
| CVE-2015-2298 | Hig | 0.42 | 7.5 | 0.02 | Jan 12, 2018 | node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID. | ||
| CVE-2014-8166 | Hig | 0.57 | 8.8 | 0.04 | Jan 12, 2018 | The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. | ||
| CVE-2014-7952 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | ||
| CVE-2014-6435 | Hig | 0.53 | 7.5 | 0.13 | Jan 12, 2018 | cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. | ||
| CVE-2017-0869 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References:… | ||
| CVE-2018-5374 | Hig | 0.57 | 8.8 | 0.01 | Jan 12, 2018 | The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). | ||
| CVE-2018-5373 | Hig | 0.57 | 8.8 | 0.01 | Jan 12, 2018 | The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). | ||
| CVE-2018-5372 | Hig | 0.57 | 8.8 | 0.01 | Jan 12, 2018 | The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). | ||
| CVE-2018-5371 | Hig | 0.61 | 8.8 | 0.42 | Jan 12, 2018 | diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | ||
| CVE-2018-5368 | Hig | 0.57 | 8.8 | 0.01 | Jan 12, 2018 | The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php. | ||
| CVE-2018-5361 | — | Hig | 0.57 | 8.8 | 0.01 | Jan 12, 2018 | The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php. | |
| CVE-2018-5344 | Hig | 0.00 | 7.8 | 0.00 | Jan 12, 2018 | In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. | ||
| CVE-2018-5327 | Hig | 0.49 | 7.5 | 0.01 | Jan 12, 2018 | Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||
| CVE-2018-5326 | Hig | 0.49 | 7.5 | 0.01 | Jan 12, 2018 | Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||
| CVE-2017-16736 | Hig | 0.49 | 7.5 | 0.02 | Jan 12, 2018 | An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. | ||
| CVE-2018-5345 | Hig | 0.51 | 7.8 | 0.02 | Jan 12, 2018 | A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | ||
| CVE-2018-5336 | Hig | 0.49 | 7.5 | 0.03 | Jan 11, 2018 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | ||
| CVE-2012-0699 | Hig | 0.60 | 8.8 | 0.04 | Jan 11, 2018 | Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an… | ||
| CVE-2018-5189 | Hig | 0.54 | 7.8 | 0.01 | Jan 11, 2018 | Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability. | ||
| CVE-2017-15637 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file. | ||
| CVE-2017-15636 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file. | ||
| CVE-2017-15635 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file. | ||
| CVE-2017-15634 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file. | ||
| CVE-2017-15633 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file. | ||
| CVE-2017-15632 | Hig | 0.47 | 7.2 | 0.03 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file. | ||
| CVE-2017-15631 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file. | ||
| CVE-2017-15630 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file. | ||
| CVE-2017-15629 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. | ||
| CVE-2017-15628 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file. | ||
| CVE-2017-15627 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. | ||
| CVE-2017-15626 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file. | ||
| CVE-2017-15625 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file. |
- risk 0.49cvss 7.5epss 0.00
A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716.
- risk 0.51cvss 7.8epss 0.00
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is…
- risk 0.46cvss 7.0epss 0.00
In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a…
- risk 0.51cvss 7.8epss 0.00
In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User…
- risk 0.51cvss 7.8epss 0.00
In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed.…
- risk 0.51cvss 7.8epss 0.00
In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege…
- risk 0.57cvss 8.8epss 0.01
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is…
- risk 0.49cvss 7.5epss 0.02
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User…
- risk 0.49cvss 7.5epss 0.00
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
- risk 0.61cvss 8.8epss 0.07
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown…
- risk 0.51cvss 7.8epss 0.00
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643.
- risk 0.57cvss 8.8epss 0.04
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.
- risk 0.49cvss 7.5epss 0.01
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.
- risk 0.42cvss 7.5epss 0.02
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
- risk 0.57cvss 8.8epss 0.04
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
- risk 0.51cvss 7.8epss 0.00
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
- risk 0.53cvss 7.5epss 0.13
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.
- risk 0.51cvss 7.8epss 0.00
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References:…
- risk 0.57cvss 8.8epss 0.01
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
- risk 0.57cvss 8.8epss 0.01
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).
- risk 0.57cvss 8.8epss 0.01
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
- risk 0.61cvss 8.8epss 0.42
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
- risk 0.57cvss 8.8epss 0.01
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.
- risk 0.57cvss 8.8epss 0.01
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
- risk 0.00cvss 7.8epss 0.00
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
- risk 0.49cvss 7.5epss 0.01
Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.
- risk 0.49cvss 7.5epss 0.01
Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.
- risk 0.49cvss 7.5epss 0.02
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
- risk 0.51cvss 7.8epss 0.02
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
- risk 0.60cvss 8.8epss 0.04
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an…
- risk 0.54cvss 7.8epss 0.01
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
- risk 0.47cvss 7.2epss 0.03
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.
- risk 0.47cvss 7.2epss 0.04
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.