First published: Tue Feb 06 2024(Updated: )
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
TP-Link ER7206 Firmware | =1.3.0-build_20230322_rel_70591 | |
TP-Link ER7206 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-46683 has been classified as a critical vulnerability.
To mitigate CVE-2023-46683, update the firmware of the Tp-Link ER7206 Omada Gigabit VPN Router to the latest version.
CVE-2023-46683 is a post-authentication command injection vulnerability.
CVE-2023-46683 affects the Tp-Link ER7206 Omada Gigabit VPN Router running version 1.3.0 build 20230322 Rel.70591.
Exploitation of CVE-2023-46683 requires authentication, making it an authenticated attack vulnerability.