744 matches found
Command injection
A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...
Command injection
A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...
Command injection
A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP reques...
Command injection
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated...
Command injection
A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTT...
CVE-2023-36498
Summary: CVE-2023-36498 affects the Tp-Link ER7206 Omada Gigabit VPN Router (1.3.0 build 20230322 Rel.70591). Talos’ report details a post-authentication command injection vulnerability in the PPTP client exposed via the web interface (PPTP Client page). A specially crafted authenticated HTTP req...
CVE-2023-47167
A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...
CVE-2023-47167
Summary (concrete details from sources): CVE-2023-47167 affects the Tp-Link ER7206 Omada Gigabit VPN Router (version 1.3.0 build 20230322 Rel.70591). A post-authentication vulnerability exists in the GRE policy functionality via the device’s web interface (uhttpd). A specially crafted HTTP POST r...
CVE-2023-47209
A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...
CVE-2023-46683
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated...
CVE-2023-47617
A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP reques...
PT-2024-1663 · Tp Link · Tp-Link Er7206 Omada Gigabit Vpn Router
Name of the Vulnerable Software and Affected Versions: Tp-Link ER7206 Omada Gigabit VPN Router version 1.3.0 build 20230322 Rel.70591 Description: A post authentication command injection issue exists in the GRE policy functionality. This can be exploited by sending a specially crafted HTTP reques...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability
Talos Vulnerability Report TALOS-2023-1857 TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability February 6, 2024 CVE Number CVE-2023-46683 SUMMARY A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality ...
CVE-2023-5372
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21AAZF.15C0 and NAS542 firmware versions through V5.21ABAG.12C0 could allow an authenticated attacker with administrator privileges to execute some operating system OS commands by sending a crafte...
CVE-2023-5372
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21AAZF.15C0 and NAS542 firmware versions through V5.21ABAG.12C0 could allow an authenticated attacker with administrator privileges to execute some operating system OS commands by sending a crafte...
Command injection
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21AAZF.15C0 and NAS542 firmware versions through V5.21ABAG.12C0 could allow an authenticated attacker with administrator privileges to execute some operating system OS commands by sending a crafte...
CVE-2023-5372
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21AAZF.15C0 and NAS542 firmware versions through V5.21ABAG.12C0 could allow an authenticated attacker with administrator privileges to execute some operating system OS commands by sending a crafte...
CVE-2023-5372
The CVE-2023-5372 issue affects Zyxel NAS326 and NAS542. It is a post-authentication command injection in the web management interface that allows an authenticated administrator to execute OS commands by sending a crafted query parameter in the affected URL. Affected firmware: NAS326 up to V5.21(...
PT-2024-1409 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.15C0 Zyxel NAS542 versions through V5.21ABAG.12C0 Description: The issue is related to a post-authentication command injection vulnerability. It could allow an authenticated attacker with administrator...
GL.iNet Unauthenticated Remote Command Execution Exploit
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This Metasploit exploit requires post-authentication using the...