PT-2023-2913 · Tp Link · Tp-Link Tl-Wpa4530 Kit

Published: 2023-03-27 · Updated: 2025-01-22 · CVE-2023-31701

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WPA4530 KIT versions V2 (EU) 161115 through V2 (EU) 170406

Description: The issue is related to Command Injection via the httpRpmPlcDeviceRemove endpoint. It is also associated with the httpRpmPlcDeviceAdd function, where the vulnerability is linked to the lack of data sanitization at the management level. This could allow a remote attacker to execute arbitrary code.

Recommendations: For versions V2 (EU) 161115 through V2 (EU) 170406, consider disabling the httpRpmPlcDeviceRemove endpoint as a temporary workaround until a patch is available. Additionally, restricting access to the httpRpmPlcDeviceAdd function may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-02880
CVE-2023-31701

Affected Products

Tp-Link Tl-Wpa4530 Kit