1 results (0.004 seconds)
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31756
https://notcve.org/view.php?id=CVE-2023-31756
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. • https://stanleyjobsonau.github.io/tp-link-advisory.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •