CVE-2023-47618

Name of the Vulnerable Software and Affected Versions Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591

Description A post authentication command execution issue exists in the web filtering functionality due to the lack of neutralization of special elements. This can allow a remote attacker to execute arbitrary commands through port 80/443 by making an authenticated HTTP request.

Recommendations For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the web filtering functionality as a temporary workaround until a patch is available. Restrict access to port 80/443 to minimize the risk of exploitation. Avoid using the vulnerable web filtering functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.