PT-2024-1783 · Tp Link · Tp-Link Er7206 Omada Gigabit Vpn Router
The Vulnerability
·
Published
2024-02-06
·
Updated
2024-02-09
·
CVE-2023-43482
CVSS v2.0
8.3
High
| Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591
Description
A command execution vulnerability exists in the guest resource functionality. This issue can be triggered by a specially crafted HTTP request, allowing an attacker to execute arbitrary commands. The vulnerability can be exploited by making an authenticated HTTP request.
Recommendations
For Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591, consider disabling the guest resource functionality until a patch is available. Restrict access to the vulnerable functionality to minimize the risk of exploitation. Avoid using the vulnerable HTTP request functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Er7206 Omada Gigabit Vpn Router