Tp-link - Tl-war1200l Firmware CVE

Filtered by vendor Tp-link Subscribe

Filtered by product Tl-war1200l Firmware

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-16959	1 Tp-link	108 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 105 more	2017-12-14	4.0 MEDIUM	6.5 MEDIUM
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.

Vulnerabilities (CVE)