Shodan
Vulnerabilities
Vulnerable Software
Tp-Link:  >> Wvr900g Firmware  >> 3.0_170306  Security Vulnerabilities
CVE-2017-15627
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15628
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15629
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15630
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15631
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15632
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
CVSS Score
7.2
EPSS Score
0.009
Published
2018-01-11
CVE-2017-15633
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15634
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15635
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
CVSS Score
7.2
EPSS Score
0.015
Published
2018-01-11
CVE-2017-15636
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.
CVSS Score
7.2
EPSS Score
0.013
Published
2018-01-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved