CVE-2023-47617

Name of the Vulnerable Software and Affected Versions TP-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591

Description A post authentication command injection issue exists due to the lack of neutralization of special elements. This can be exploited by a remote attacker to execute arbitrary commands via ports 80/443 by making a specially crafted HTTP request. The vulnerability is related to configuring the web group member.

Recommendations For TP-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider restricting access to the web group member configuration until a patch is available. As a temporary workaround, avoid using the vulnerable configuration options to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.