The Vulnerability

**Name of the Vulnerable Software and Affected Versions** Tp-Link ER7206 Omada Gigabit VPN Router version 1.4.1 Build 20240117 Rel.57421 **Description** A leftover debug code vulnerability exists in the cli server debug functionality. This issue can be triggered by a specially crafted series of network requests, leading to arbitrary command execution. An attacker can exploit this by sending a sequence of requests. **Recommendations** For Tp-Link ER7206 Omada Gigabit VPN Router version 1.4.1 Build 20240117 Rel.57421, consider disabling the cli server debug functionality as a temporary workaround until a patch is available. Restrict access to the debug functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 **Description** A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a specially crafted series of HTTP requests, potentially leading to remote code execution. The vulnerability is specifically related to the overflow that occurs via the `ssid` parameter. An attacker can exploit this vulnerability by making an authenticated HTTP request. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the Radio Scheduling functionality until a patch is available. For Tp-Link EAP115 version 5.0.4 Build 20220216, restrict access to the `httpd` binary to minimize the risk of exploitation. As a temporary workaround, avoid using the `ssid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A post authentication command injection issue exists in the GRE policy functionality. This can be exploited by sending a specially crafted HTTP request, potentially allowing a remote attacker to execute arbitrary commands. The issue is related to the web server uHTTPd and can be triggered through ports 80/443. **Recommendations** For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider restricting access to the GRE policy functionality until a patch is available. As a temporary workaround, limit the use of HTTP requests to trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A post authentication command injection issue exists due to the lack of neutralization of special elements. This can be exploited by a remote attacker to execute arbitrary commands via ports 80/443 by making a specially crafted HTTP request. The vulnerability is related to configuring the web group member. **Recommendations** For TP-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider restricting access to the web group member configuration until a patch is available. As a temporary workaround, avoid using the vulnerable configuration options to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A post authentication command injection issue exists when configuring the WireGuard VPN functionality. This can be exploited by sending a specially crafted HTTP request, potentially allowing a remote attacker to execute arbitrary commands. The issue is triggered through ports 80/443. **Recommendations** For TP-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the WireGuard VPN functionality until a patch is available to prevent exploitation. Restrict access to ports 80/443 to minimize the risk of arbitrary command injection. As a temporary workaround, limit the use of the HTTP request functionality related to WireGuard VPN configuration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A post authentication command execution issue exists in the web filtering functionality due to the lack of neutralization of special elements. This can allow a remote attacker to execute arbitrary commands through port 80/443 by making an authenticated HTTP request. **Recommendations** For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the web filtering functionality as a temporary workaround until a patch is available. Restrict access to port 80/443 to minimize the risk of exploitation. Avoid using the vulnerable web filtering functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A post authentication command injection issue exists when setting up the PPTP global configuration. This can be triggered by a specially crafted HTTP request, allowing an attacker to execute arbitrary commands. The vulnerability can be exploited through ports 80/443. **Recommendations** For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, as a temporary workaround, consider restricting access to the PPTP global configuration setup until a patch is available. Avoid making authenticated HTTP requests to vulnerable endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A command execution vulnerability exists in the guest resource functionality. This issue can be triggered by a specially crafted HTTP request, allowing an attacker to execute arbitrary commands. The vulnerability can be exploited by making an authenticated HTTP request. **Recommendations** For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the guest resource functionality until a patch is available. Restrict access to the vulnerable functionality to minimize the risk of exploitation. Avoid using the vulnerable HTTP request functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A post-authentication command injection vulnerability exists in the PPTP client functionality. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. The vulnerability can be exploited by sending a crafted request to port 80/443, allowing a remote attacker to execute arbitrary commands. **Recommendations** For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the PPTP client functionality until a patch is available to prevent exploitation. Restrict access to port 80/443 to minimize the risk of exploitation. Avoid using the PPTP client functionality in the affected router until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 **Description** A post authentication command injection issue exists in the ipsec policy functionality. This can be triggered by a specially crafted HTTP request, allowing an attacker to inject arbitrary commands. The vulnerability can be exploited by making an authenticated HTTP request. **Recommendations** For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the ipsec policy functionality until a patch is available. Restrict access to the HTTP request functionality to minimize the risk of exploitation. Avoid using the vulnerable HTTP request functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216 **Description** A command execution vulnerability exists in the tddpd enable test mode functionality. This issue can be exploited by sending a specially crafted series of network requests, leading to arbitrary command execution. An attacker can trigger this vulnerability by sending a sequence of unauthenticated packets. The vulnerability impacts `uclited` on the affected devices. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the tddpd enable test mode functionality until a patch is available. For Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216, restrict access to the `uclited` component to minimize the risk of exploitation. As a temporary workaround, consider blocking unauthenticated packets to the affected devices until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 **Description** A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a specially crafted series of HTTP requests, potentially leading to remote code execution. The vulnerability is specifically related to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary. An attacker can exploit this vulnerability by making an authenticated HTTP request. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the Radio Scheduling functionality until a patch is available. For Tp-Link EAP115 version 5.0.4 Build 20220216, restrict access to the `httpd` binary to minimize the risk of exploitation. As a temporary workaround, consider restricting the use of the `profile` parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 **Description** A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a specially crafted series of HTTP requests, potentially leading to remote code execution. The vulnerability is specifically related to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd portal` binary. An attacker can exploit this vulnerability by making an authenticated HTTP request. **Recommendations** As a temporary workaround, consider disabling the Radio Scheduling functionality until a patch is available. Restrict access to the `httpd portal` binary to minimize the risk of exploitation. Avoid using the `ssid` parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 **Description** A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue is related to the overflow that occurs via the `band` parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability, potentially allowing remote code execution through specially crafted HTTP requests. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the Radio Scheduling functionality until a patch is available. Restrict access to the `httpd portal` binary to minimize the risk of exploitation. Avoid using the `band` parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 **Description** A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue is related to the overflow that occurs via the `profile` parameter. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code using specially crafted HTTP requests. An attacker can make an authenticated HTTP request to trigger this vulnerability. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the Radio Scheduling functionality until a patch is available. Restrict access to the `httpd portal` binary to minimize the risk of exploitation. Avoid using the `profile` parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 **Description** A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a specially crafted series of HTTP requests, potentially leading to remote code execution. An attacker can exploit this vulnerability by making an authenticated HTTP request. The overflow occurs via the `action` parameter at offset `0x0045ab38` of the `httpd portal` binary. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the `httpd portal` binary or restricting access to the Radio Scheduling functionality until a patch is available. Avoid using the `action` parameter in the affected HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 Tp-Link N300 (affected versions not specified) **Description** A denial of service issue exists in the TDDP functionality, related to the use of dangerous methods or functions. This can be exploited by a remote attacker, who can send specially crafted network packets to trigger the issue, potentially leading to a reset to factory settings. An attacker can send a sequence of unauthenticated packets to exploit this issue. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926: As a temporary workaround, consider restricting access to the TDDP functionality until a patch is available. For Tp-Link N300: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 **Description** A memory corruption vulnerability exists in the web interface functionality, allowing an attacker to send an unauthenticated HTTP POST request to trigger this issue, leading to denial of service of the device's web interface. The vulnerability can be exploited by sending a specially crafted HTTP POST request. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, as a temporary workaround, consider restricting access to the web interface until a patch is available. Avoid using the web interface functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926 Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216 **Description** A command execution issue exists in the tddpd enable test mode functionality, allowing a remote attacker to execute arbitrary commands by sending specially crafted network requests. This can be triggered by sending a sequence of unauthenticated packets. The vulnerability impacts the `uclited` component on the affected devices. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) version 5.1.0 Build 20220926, consider disabling the `tddpd enable test mode` functionality until a patch is available. For Tp-Link N300 Wireless Access Point (EAP115 V4) version 5.0.4 Build 20220216, restrict access to the vulnerable component to minimize the risk of exploitation. As a temporary workaround, avoid using the affected `uclited` component on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) versions 5.0.4 through 5.1.0 **Description** A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a specially crafted series of HTTP requests, potentially leading to remote code execution. An attacker can exploit this vulnerability by making an authenticated HTTP request, specifically targeting the `band` parameter at offset `0x422420` of the `httpd` binary. **Recommendations** For Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) versions 5.0.4 through 5.1.0, consider disabling the Radio Scheduling functionality until a patch is available. As a temporary workaround, restrict access to the `httpd` binary to minimize the risk of exploitation. Avoid using the `band` parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.