There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.