PT-2024-1662 · Tp Link · Tp-Link Er7206 Omada Gigabit Vpn Router
The Vulnerability
·
Published
2024-02-06
·
Updated
2024-02-09
·
CVE-2023-47209
CVSS v2.0
8.3
High
| Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591
Description
A post authentication command injection issue exists in the ipsec policy functionality. This can be triggered by a specially crafted HTTP request, allowing an attacker to inject arbitrary commands. The vulnerability can be exploited by making an authenticated HTTP request.
Recommendations
For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the ipsec policy functionality until a patch is available. Restrict access to the HTTP request functionality to minimize the risk of exploitation. Avoid using the vulnerable HTTP request functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Er7206 Omada Gigabit Vpn Router