TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Er5110g_firmware | Tp-link | - (including) | - (including) |