PT-2024-1667 · Tp Link · Tp-Link Er7206 Omada Gigabit Vpn Router
The Vulnerability
·
Published
2024-02-06
·
Updated
2024-02-09
·
CVE-2023-42664
CVSS v2.0
8.3
High
| Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591
Description
A post authentication command injection issue exists when setting up the PPTP global configuration. This can be triggered by a specially crafted HTTP request, allowing an attacker to execute arbitrary commands. The vulnerability can be exploited through ports 80/443.
Recommendations
For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, as a temporary workaround, consider restricting access to the PPTP global configuration setup until a patch is available. Avoid making authenticated HTTP requests to vulnerable endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Er7206 Omada Gigabit Vpn Router