3 matches found
CVE-2023-46683
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated...
CVE-2023-46683
CVE-2023-46683 affects TP-Link ER7206 Omada Gigabit VPN Router (1.3.0 build 20230322 Rel.70591). Talos documents a post-authentication command injection in the uhttpd-based web interface when configuring the WireGuard VPN, triggered by crafted HTTP requests after login. Impact is arbitrary comman...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability
Talos Vulnerability Report TALOS-2023-1857 TP-Link ER7206 Omada Gigabit VPN Router uhttpd Wireguard VPN command injection vulnerability February 6, 2024 CVE Number CVE-2023-46683 SUMMARY A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality ...