Published: 06/02/2024 Updated: 09/02/2024

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 0

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link er7206_firmware 1.3.0

Check Point Reference: CPAI-2023-1580 Date Published: 12 Mar 2024 Severity: High ...

CWE-78 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853 https://nvd.nist.gov https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1580.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-36498

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect