PT-2024-19078 · Tp Link · Tp-Link Er7206 Omada Gigabit Vpn Router

The Vulnerability

Published

2024-06-25

Updated

2025-09-05

CVE-2024-21827

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tp-Link ER7206 Omada Gigabit VPN Router version 1.4.1 Build 20240117 Rel.57421

Description A leftover debug code vulnerability exists in the cli server debug functionality. This issue can be triggered by a specially crafted series of network requests, leading to arbitrary command execution. An attacker can exploit this by sending a sequence of requests.

Recommendations For Tp-Link ER7206 Omada Gigabit VPN Router version 1.4.1 Build 20240117 Rel.57421, consider disabling the cli server debug functionality as a temporary workaround until a patch is available. Restrict access to the debug functionality to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-489

Related Identifiers

CVE-2024-21827

Affected Products

Tp-Link Er7206 Omada Gigabit Vpn Router

PT-2024-19078 · Tp Link · Tp-Link Er7206 Omada Gigabit Vpn Router

CVE-2024-21827

Weakness Enumeration

Related Identifiers

Affected Products

References · 6