First published: Tue Feb 06 2024(Updated: )
A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Tp-link Er7206 Firmware | =1.3.0-build_20230322_rel_70591 | |
Tp-Link ER7206 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.