VYPR

WVR

by TP-Link

CVEs (24)

  • CVE-2017-15616HigJan 11, 2018
    risk 0.47cvss 7.2epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.

  • CVE-2017-15615HigJan 11, 2018
    risk 0.47cvss 7.2epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.

  • CVE-2017-15614HigJan 11, 2018
    risk 0.47cvss 7.2epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.

  • CVE-2017-16959MedNov 27, 2017
    risk 0.42cvss 6.5epss 0.02

    The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted…

Page 2 of 2