Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Omada Controller Security Vulnerabilities

cve
cve

CVE-2020-12475

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.

5.5CVSS

5.6AI Score

0.001EPSS

2020-05-04 02:15 PM
27
cve
cve

CVE-2023-36498

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to tr...

7.2CVSS

7.3AI Score

0.001EPSS

2024-02-06 05:15 PM
15
cve
cve

CVE-2023-42664

A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP ...

7.2CVSS

7.3AI Score

0.001EPSS

2024-02-06 05:15 PM
14
cve
cve

CVE-2023-43482

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulner...

7.2CVSS

7.1AI Score

0.0005EPSS

2024-02-06 05:15 PM
14
cve
cve

CVE-2023-46683

A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated H...

7.2CVSS

7.2AI Score

0.001EPSS

2024-02-06 05:15 PM
16
cve
cve

CVE-2023-47167

A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to tri...

7.2CVSS

7.3AI Score

0.001EPSS

2024-02-06 05:15 PM
20
cve
cve

CVE-2023-47209

A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to t...

7.2CVSS

7.3AI Score

0.001EPSS

2024-02-06 05:15 PM
15
cve
cve

CVE-2023-47617

A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request ...

7.2CVSS

7.3AI Score

0.001EPSS

2024-02-06 05:15 PM
14
cve
cve

CVE-2023-47618

A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to ...

7.2CVSS

7.2AI Score

0.001EPSS

2024-02-06 05:15 PM
19